Back
This checklist walks you through the practical steps to build and deploy a Slack bot: creating the app, configuring OAuth and events, formatting messages with Block Kit, handling errors and rate limits, and deploying to a cloud function. It’s for developers, technical PMs, and builders who want a clear, actionable path from Slack app setup to production-ready bot.
Progress
0 / 17
- Create a new Slack App in the Slack API dashboard
- Name the app and choose a development workspace — Use a clear name and pick a workspace for testing before production
- Configure OAuth & Permissions and add required scopes — Include bot scopes like chat:write, commands, users:read and any granular scopes needed
- Install the app to your workspace to obtain OAuth tokens — Run the install flow to get the Bot OAuth token and any OAuth access tokens
- Store OAuth tokens and the signing secret securely — Use environment variables or a secrets manager; never commit secrets to source control
- Enable Event Subscriptions and provide a public Request URL — Use HTTPS endpoint; ngrok is fine for dev. Verify Slack's URL challenge.
- Subscribe to the bot events your app needs (e.g., app_mention, message.channels) — Only subscribe to events required to minimize permissions and traffic
- Register slash commands and configure request URLs and descriptions — Set command name, short description, and usage hint for users
- Build message payloads with Block Kit
- Test Block Kit layouts in the Block Kit Builder — Iterate designs and copy the JSON into your code for consistent rendering
- Add plain-text fallbacks and accessibility labels to messages — Provide fallback text for non-block clients and improve accessibility
- Implement interactive component handlers and acknowledge requests quickly — Acknowledge actions within 3 seconds and verify requests using the signing secret
- Add error handling, structured logging, and retry-safe logic — Log errors, return proper HTTP statuses, and make handlers idempotent where possible
- Implement rate limit detection and exponential backoff — Respect X-RateLimit headers and back off to avoid throttling
- Write automated tests and a manual test plan for commands and events — Cover command parsing, event handling, and interactive flows in tests
- Deploy the bot to a cloud function or hosting and configure the public endpoint — Deploy to Cloud Functions, AWS Lambda, or a container and set env vars for tokens and signing secret
- Set up monitoring, alerts, and regular token rotation — Monitor logs and errors, alert on failures, and rotate credentials periodically
Your Stats
🏆
0
Completed
📅
—
Last Done
⏱️
—
Last Time
Completion Rate
Items checked per run
⚡
—
Fastest Run
🔥
0
Streak
🚫
—
Most Skipped Step
🔄
0
Resets
📝 My Notes