App configuration tokens (or config tokens for short) are special, short-lived access tokens. Config tokens are solely used to create and configure Slack apps using our App Manifest APIs.
Each config token is unique to a user and a workspace, but not an app. This means you can manage the configuration of any of your apps in a single development workspace, with just one config token.
Read on to learn how to create an app configuration token and how you can refresh expired config tokens.
Use the generator below to create and delete your config tokens.
When you create a configuration token, the "Slack Tooling Tokens Vendor" app will be added to the workspace.
Once you have generated a configuration access token, it can be used with any of the App Manifest APIs. Please read our guide to Using the App Manifest APIs to find out how.
Each app configuration token will expire 12 hours after it has been generated. In order to continually rotate your config tokens, you are also provided with a refresh token.
It's strongly suggested that you refresh your token before it expires, rather than waiting for it to expire and checking for an error from the Slack API.
In order to refresh config tokens, make a call to tooling.tokens.rotate, using the refresh token in the refresh_token argument. In response you'll receive something like this:
{
"ok": true,
"token": "xoxe.xoxp-...",
"refresh_token": "xoxe-...",
"team_id": "...",
"user_id": "...",
"iat": 1633095660,
"exp": 1633138860
}
The token field contains your new config access token, which you can then store and use for Manifest API calls. The refresh_token field contains a new refresh token.
The remainder of the response above contains fields which identify the source workspace and user of each token, as well as timestamps which indicate when the token was issued and when it will expire.