TickYouOff
Back
🤖

Building a Slack Bot

Medium 17 items · 2 hours
testuser's avatar
testuser Published 1 month ago

This checklist walks you through the practical steps to build and deploy a Slack bot: creating the app, configuring OAuth and events, formatting messages with Block Kit, handling errors and rate limits, and deploying to a cloud function. It’s for developers, technical PMs, and builders who want a clear, actionable path from Slack app setup to production-ready bot.

Progress
0 / 17
  1. Create a new Slack App in the Slack API dashboard
  2. Name the app and choose a development workspace — Use a clear name and pick a workspace for testing before production
  3. Configure OAuth & Permissions and add required scopes — Include bot scopes like chat:write, commands, users:read and any granular scopes needed
  4. Install the app to your workspace to obtain OAuth tokens — Run the install flow to get the Bot OAuth token and any OAuth access tokens
  5. Store OAuth tokens and the signing secret securely — Use environment variables or a secrets manager; never commit secrets to source control
  6. Enable Event Subscriptions and provide a public Request URL — Use HTTPS endpoint; ngrok is fine for dev. Verify Slack's URL challenge.
  7. Subscribe to the bot events your app needs (e.g., app_mention, message.channels) — Only subscribe to events required to minimize permissions and traffic
  8. Register slash commands and configure request URLs and descriptions — Set command name, short description, and usage hint for users
  9. Build message payloads with Block Kit
  10. Test Block Kit layouts in the Block Kit Builder — Iterate designs and copy the JSON into your code for consistent rendering
  11. Add plain-text fallbacks and accessibility labels to messages — Provide fallback text for non-block clients and improve accessibility
  12. Implement interactive component handlers and acknowledge requests quickly — Acknowledge actions within 3 seconds and verify requests using the signing secret
  13. Add error handling, structured logging, and retry-safe logic — Log errors, return proper HTTP statuses, and make handlers idempotent where possible
  14. Implement rate limit detection and exponential backoff — Respect X-RateLimit headers and back off to avoid throttling
  15. Write automated tests and a manual test plan for commands and events — Cover command parsing, event handling, and interactive flows in tests
  16. Deploy the bot to a cloud function or hosting and configure the public endpoint — Deploy to Cloud Functions, AWS Lambda, or a container and set env vars for tokens and signing secret
  17. Set up monitoring, alerts, and regular token rotation — Monitor logs and errors, alert on failures, and rotate credentials periodically
Sign in to save
📝 My Notes