Plugging Python Code Into Slack, Maybe For A Chatbot
The scripting language Python can retrieve information from or publish information to the messaging app Slack. This means you can write a chatbot that puts info into Slack for you, or accepts your queries using Slack as the interface. This is useful if you spend a lot of time in Slack, as I do.
The hard work of integrating Slack and Python has been done already. Slack offers an API, and there are at least two open source Python libraries that make leveraging these APIs in your Python code easy.
When searching for Slack projects using Python, most of the top hits are using Slack’s official python-slackclient. Github reveals that python-slackclient is an active project, with recent commits. In addition, most code examples I turned up are using python-slackclient. But it’s not a preference borne of experience. Maybe you’d prefer an alternate library like slacker.
Securing The Slack App Security Token
The slackclient library is security-conscious. Some other library sample code shows putting the Slack access token right in the source code as a static variable assignment, which is a terrible, horrible, no good, very bad idea. Why? If you publish your source code in a public repository, anyone that trawls through it potentially has access to your Slack channel from their own app.
The slackclient library readme suggests the more secure token management method of using an environment variable to pass in a token to the Python script. Beyond this, the slackclient library also explains how to use automatic token refresh for key rotation. I haven’t grokked token rotation just yet, but it’s an interesting topic along with Slack IP whitelisting.
Creating A Slack App, Generating A Token & COnnecting Python To It
- I’ll assume you’ve got Python installed already. My environment happens to be Python 3.6.7 on Ubuntu Server 18.04.
- I’ll also assume you’re a sudoer, and are using pip as your Python package manager. Install Slack’s official slackclient python library.
sudo pip install slackclient
- Now you need to create an app and generate tokens. You should be logged in as an admin to your Slack space. Then…
- Check out https://api.slack.com/slack-apps for more information on this process.
- If you’re working on a chatbot, your app will need to be given bot functionality. There’s a screen for that in the app creation process.
- As you click through the app creation process and assign bot functionality, Slack will also generate OAuth access tokens. For Python, you care about the Bot User OAuth Access Token.
- Slack tokens are everything required for authentication to your Slack channel. Protect it like a password. Don’t hardcode the access token into your script as a variable value. A more secure process is to set the access token to be an environment variable, and pass the environment variable into your Python script. See below.
Armed with the token and slackclient library, your Python installation is now Slack-capable.
I took this code right from the python-slackclient github readme page to make sure things were working without having to read any documentation.
- In Slack, I created a private channel called #pentabot to run my test in.
- I invited my shiny new app I’d called Pentabot to be a member of the channel.
- From my dev machine, I ran the following script with the following command, which creates the environment variable SLACK_BOT_TOKEN before executing the script. The script then reads the environment variable from os.environ[“SLACK_BOT_TOKEN”].
- SLACK_BOT_TOKEN=”xoxb-abc-1234″ python myapp.py
- Your token value is not going to be xoxb-abc-1234. It’s going to be whatever Slack assigned your app.
#myapp.py import os from slackclient import SlackClient slack_token = os.environ["SLACK_BOT_TOKEN"] sc = SlackClient(slack_token) sc.api_call( "chat.postMessage", channel="pentabot", text="Hello, world! :boom:" )
Last updated 18-Feb-2019.