Prerequisites
The authorization code provided in the redirect URI can only be exchanged once and expires 10 minutes after issuance. You must exchange an authorization code with an access token or an access token/refresh token pair. You can then use the access_token
to call API methods on behalf of the user.
Returns
See the Authorization model.
What's Next
After the access_token
is received, the application is considered installed. The application appears in the 'installed apps' section of the team settings.
You can now use the access token for REST API requests.
Notes
Authentication endpoints are not being deprecated. These endpoints remain the same and use v1 in the endpoint URLs, as documented.
If you haven't enabled the expire user authorization token feature, the token will continue functioning until the user uninstalls your app from the team. If you enabled the expire user authorization token feature, the access token expires in 1 hour and the refresh token expires in 60 days.