Updated from Slack docs, 2026/02/17

Slack API Ref Buildbot · Slack API Ref Buildbot · commit fe6ceea2f1f8 · 2026-02-17T22:51:47.000Z
diff --git a/docs.slack.dev/methods/assistant.search.context.json b/docs.slack.dev/methods/assistant.search.context.json
@@ -3,10 +3,17 @@
   "http_method": "POST",
   "scope": {
     "user": [
-      "search:read"
+      "search:read.public",
+      "search:read.private",
+      "search:read.im",
+      "search:read.mpim",
+      "search:read.files",
+      "search:read.users"
     ],
     "bot": [
-      "search:read.public"
+      "search:read.public",
+      "search:read.files",
+      "search:read.users"
     ]
   },
   "rate_limits": "t5",
diff --git a/docs.slack.dev/methods/methods.json b/docs.slack.dev/methods/methods.json
@@ -1672,6 +1672,13 @@
       "oauth"
     ]
   },
+  {
+    "name": "oauth.v2.user.access",
+    "description": "Exchanges a temporary OAuth verifier code for a user access token.",
+    "family": [
+      "oauth"
+    ]
+  },
   {
     "name": "openid.connect.token",
     "description": "Exchanges a temporary OAuth verifier code for an access token for Sign in with Slack.",
diff --git a/docs.slack.dev/methods/oauth.v2.user.access.json b/docs.slack.dev/methods/oauth.v2.user.access.json
@@ -0,0 +1,226 @@
+{
+  "desc": "Exchanges a temporary OAuth verifier code for a user access token.",
+  "http_method": "POST",
+  "scope": {},
+  "rate_limits": "t5",
+  "args": {
+    "type": "object",
+    "discardAdditionalProperties": true,
+    "properties": {
+      "client_id": {
+        "desc": "Issued when you created your application. If possible, avoid sending `client_id` and `client_secret` as parameters in your request and instead supply the Client ID and Client Secret using the HTTP Basic authentication scheme.",
+        "example": "2141029472.691202649728",
+        "logged": true,
+        "type": "string"
+      },
+      "client_secret": {
+        "desc": "Issued when you created your application. If possible, avoid sending `client_id` and `client_secret` as parameters in your request and instead supply the Client ID and Client Secret using the HTTP Basic authentication scheme.",
+        "example": "e1b9e11dfcd19c1982d5de12921e17e8c",
+        "type": "string"
+      },
+      "code": {
+        "desc": "The `code` param returned via the OAuth callback.",
+        "example": "4724469134.4644010092847.232b4e6d82c333b475fc30f5f5a341d294feb1a94392c2fd791f7ab7731a443d1a",
+        "logged": true,
+        "type": "string"
+      },
+      "code_verifier": {
+        "desc": "The code_verifier param used to generate the code_challenge originally. Used for PKCE.",
+        "example": "secret12345",
+        "logged": false,
+        "type": "string"
+      },
+      "redirect_uri": {
+        "desc": "This must match the originally submitted URI (if one was sent).",
+        "example": "http://example.com",
+        "logged": true,
+        "type": "string"
+      },
+      "grant_type": {
+        "desc": "The `grant_type` param as described in the OAuth spec.",
+        "example": "authorization_code",
+        "logged": true,
+        "type": "string"
+      },
+      "refresh_token": {
+        "desc": "The `refresh_token` param as described in the OAuth spec.",
+        "example": "xoxe-1-abcdefg",
+        "logged": false,
+        "type": "string"
+      }
+    }
+  },
+  "output": {
+    "desc": "User access token and app installation information",
+    "type": "object",
+    "required": [
+      "app_id",
+      "token_type",
+      "access_token",
+      "user_id",
+      "team",
+      "enterprise",
+      "is_enterprise_install"
+    ],
+    "additionalProperties": false,
+    "properties": {
+      "access_token": {
+        "type": "string",
+        "desc": "A user access token."
+      },
+      "token_type": {
+        "type": "string",
+        "desc": "The type of access token.",
+        "enum": [
+          "user"
+        ]
+      },
+      "scope": {
+        "type": "string",
+        "desc": "Comma-separated list of scopes granted to the token."
+      },
+      "user_id": {
+        "type": "string",
+        "subtype": "user",
+        "desc": "The user ID of the user corresponding to the token."
+      },
+      "app_id": {
+        "type": "string",
+        "subtype": "app",
+        "desc": "ID of the app being installed or re-installed."
+      },
+      "is_enterprise_install": {
+        "type": "boolean",
+        "desc": "Boolean flag indicating whether the generated token is enterprise level token or not"
+      },
+      "expires_in": {
+        "type": "integer",
+        "desc": "Time until this credential expires, if it expires at all"
+      },
+      "refresh_token": {
+        "type": "string",
+        "desc": "Refresh token for this credential"
+      },
+      "team": {
+        "anyOf": [
+          {
+            "type": "null"
+          },
+          {
+            "type": "object",
+            "desc": "Details about the team.",
+            "additionalProperties": false,
+            "required": [
+              "id"
+            ],
+            "properties": {
+              "id": {
+                "type": "string",
+                "subtype": "team",
+                "desc": "ID of the team into which the app is being installed or re-installed."
+              },
+              "name": {
+                "desc": "Name of the team into which the app is being installed or re-installed.",
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "enterprise": {
+        "anyOf": [
+          {
+            "type": "null"
+          },
+          {
+            "type": "object",
+            "desc": "Details about the enterprise.",
+            "additionalProperties": false,
+            "required": [
+              "id"
+            ],
+            "properties": {
+              "id": {
+                "type": "string",
+                "subtype": "team",
+                "desc": "ID of the enterprise into which the app is being installed or re-installed."
+              },
+              "name": {
+                "desc": "Name of the enterprise into which the app is being installed or re-installed.",
+                "type": "string"
+              }
+            }
+          }
+        ]
+      }
+    }
+  },
+  "errors": {
+    "bad_client_secret": {
+      "desc": "Value passed for `client_secret` was invalid."
+    },
+    "bad_redirect_uri": {
+      "desc": "Value passed for `redirect_uri` did not match the `redirect_uri` in the original request."
+    },
+    "cannot_install_an_org_installed_app": {
+      "desc": "Returned when the the org-installed app cannot be installed on a workspace."
+    },
+    "invalid_client_id": {
+      "desc": "Value passed for `client_id` was invalid."
+    },
+    "invalid_code": {
+      "desc": "Value passed for `code` was invalid."
+    },
+    "invalid_grant_type": {
+      "desc": "Value passed for `grant_type` was invalid."
+    },
+    "invalid_refresh_token": {
+      "desc": "The given refresh token is invalid."
+    },
+    "no_scopes": {
+      "desc": "Missing `scope` in the request."
+    },
+    "no_user_scopes": {
+      "desc": "Missing user `scope` in the auth request."
+    },
+    "not_implemented": {
+      "desc": "Method  not yet supported"
+    },
+    "oauth_authorization_url_mismatch": {
+      "desc": "The OAuth flow was initiated on an incorrect version of the authorization url. The flow must be initiated via /oauth/v2/authorize ."
+    },
+    "preview_feature_not_available": {
+      "desc": "Returned when the API method is not yet available on the team in context."
+    },
+    "user_email_unverified": {
+      "desc": "The users email is unverified"
+    }
+  },
+  "examples": {
+    "success": {
+      "url": "/api/oauth.v2.user.access",
+      "description": "Successful token request with scopes for a user token.",
+      "example": {
+        "ok": true,
+        "access_token": "xoxp-123456789...",
+        "token_type": "user",
+        "id_token": "eyJhbGciOiJSUzI1Ni...",
+        "authed_user": {
+          "id": "U12345",
+          "scope": "openid,email,profile"
+        },
+        "team": {
+          "id": "T012345"
+        }
+      }
+    },
+    "error": {
+      "url": "/api/oauth.v2.user.access",
+      "description": "Typical error response.",
+      "example": {
+        "ok": false,
+        "error": "invalid_code"
+      }
+    }
+  }
+}
diff --git a/methods/oauth/oauth.v2.user.access.json b/methods/oauth/oauth.v2.user.access.json
@@ -0,0 +1,99 @@
+{
+  "group": "oauth",
+  "name": "oauth.v2.user.access",
+  "deprecated": false,
+  "desc": "Exchanges a temporary OAuth verifier code for a user access token.",
+  "args": {
+    "client_id": {
+      "required": null,
+      "example": "2141029472.691202649728",
+      "desc": "Issued when you created your application. If possible, avoid sending client_id and client_secret as parameters in your request and instead supply the Client ID and Client Secret using the HTTP Basic authentication scheme.",
+      "type": "string"
+    },
+    "client_secret": {
+      "required": null,
+      "example": "e1b9e11dfcd19c1982d5de12921e17e8c",
+      "desc": "Issued when you created your application. If possible, avoid sending client_id and client_secret as parameters in your request and instead supply the Client ID and Client Secret using the HTTP Basic authentication scheme.",
+      "type": "string"
+    },
+    "code": {
+      "required": null,
+      "example": "4724469134.4644010092847.232b4e6d82c333b475fc30f5f5a341d294feb1a94392c2fd791f7ab7731a443d1a",
+      "desc": "The code param returned via the OAuth callback.",
+      "type": "string"
+    },
+    "code_verifier": {
+      "required": null,
+      "example": "secret12345",
+      "desc": "The code_verifier param used to generate the code_challenge originally. Used for PKCE.",
+      "type": "string"
+    },
+    "redirect_uri": {
+      "required": null,
+      "example": "http://example.com",
+      "desc": "This must match the originally submitted URI (if one was sent).",
+      "type": "string"
+    },
+    "grant_type": {
+      "required": null,
+      "example": "authorization_code",
+      "desc": "The grant_type param as described in the OAuth spec.",
+      "type": "string"
+    },
+    "refresh_token": {
+      "required": null,
+      "example": "xoxe-1-abcdefg",
+      "desc": "The refresh_token param as described in the OAuth spec.",
+      "type": "string"
+    }
+  },
+  "response": {
+    "examples": [
+      "{\n    \"ok\": true,\n    \"access_token\": \"xoxp-123456789...\",\n    \"token_type\": \"user\",\n    \"id_token\": \"eyJhbGciOiJSUzI1Ni...\",\n    \"authed_user\": {\n        \"id\": \"U12345\",\n        \"scope\": \"openid,email,profile\"\n    },\n    \"team\": {\n        \"id\": \"T012345\"\n    }\n}",
+      "{\n    \"ok\": false,\n    \"error\": \"invalid_code\"\n}"
+    ]
+  },
+  "errors": {
+    "access_denied": "Access to a resource specified in the request is denied.",
+    "accesslimited": "Access to this method is limited on the current network.",
+    "account_inactive": "Authentication token is for a deleted user or workspace when using a bot token.",
+    "bad_client_secret": "Value passed for `client_secret` was invalid.",
+    "bad_redirect_uri": "Value passed for `redirect_uri` did not match the `redirect_uri` in the original request.",
+    "cannot_install_an_org_installed_app": "Returned when the the org-installed app cannot be installed on a workspace.",
+    "deprecated_endpoint": "The endpoint has been deprecated.",
+    "ekm_access_denied": "Administrators have suspended the ability to post a message.",
+    "enterprise_is_restricted": "The method cannot be called from an Enterprise.",
+    "fatal_error": "The server could not complete your operation(s) without encountering a catastrophic error. It's possible some aspect of the operation succeeded before the error was raised.",
+    "invalid_arg_name": "The method was passed an argument whose name falls outside the bounds of accepted or expected values. This includes very long names and names with non-alphanumeric characters other than _. If you get this error, it is typically an indication that you have made a very malformed API call.",
+    "invalid_array_arg": "The method was passed an array as an argument. Please only input valid strings.",
+    "invalid_charset": "The method was called via a POST request, but the charset specified in the Content-Type header was invalid. Valid charset names are: utf-8 iso-8859-1.",
+    "invalid_client_id": "Value passed for `client_id` was invalid.",
+    "invalid_code": "Value passed for `code` was invalid.",
+    "invalid_form_data": "The method was called via a POST request with Content-Type application/x-www-form-urlencoded or multipart/form-data, but the form data was either missing or syntactically invalid.",
+    "invalid_grant_type": "Value passed for `grant_type` was invalid.",
+    "invalid_post_type": "The method was called via a POST request, but the specified Content-Type was invalid. Valid types are: application/json application/x-www-form-urlencoded multipart/form-data text/plain.",
+    "invalid_refresh_token": "The given refresh token is invalid.",
+    "is_bot": "This method cannot be called by a legacy bot.",
+    "method_deprecated": "The method has been deprecated.",
+    "missing_post_type": "The method was called via a POST request and included a data payload, but the request did not include a Content-Type header.",
+    "missing_scope": "The token used is not granted the specific scope permissions required to complete this request.",
+    "no_permission": "The workspace token used in this request does not have the permissions necessary to complete the request. Make sure your app is a member of the conversation it's attempting to post a message to.",
+    "no_scopes": "Missing `scope` in the request.",
+    "no_user_scopes": "Missing user `scope` in the auth request.",
+    "not_allowed_token_type": "The token type used in this request is not allowed.",
+    "not_authed": "No authentication token provided.",
+    "not_implemented": "Method  not yet supported",
+    "oauth_authorization_url_mismatch": "The OAuth flow was initiated on an incorrect version of the authorization url. The flow must be initiated via /oauth/v2/authorize .",
+    "org_login_required": "The workspace is undergoing an enterprise migration and will not be available until migration is complete.",
+    "preview_feature_not_available": "Returned when the API method is not yet available on the team in context.",
+    "ratelimited": "The request has been ratelimited. Refer to the Retry-After header for when to retry the request.",
+    "request_timeout": "The method was called via a POST request, but the POST data was either missing or truncated.",
+    "service_unavailable": "The service is temporarily unavailable.",
+    "team_added_to_org": "The workspace associated with your request is currently undergoing migration to an Enterprise Organization. Web API and other platform operations will be intermittently unavailable until the transition is complete.",
+    "token_expired": "Authentication token has expired.",
+    "token_revoked": "Authentication token is for a deleted user or workspace or the app has been removed when using a user token.",
+    "two_factor_setup_required": "Two factor setup is required.",
+    "unknown_method": "This method is currently not available.",
+    "user_email_unverified": "The users email is unverified"
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -1672,6 +1672,13 @@`
`1672`	`1672`	`"oauth"`
`1673`	`1673`	`]`
`1674`	`1674`	`},`
	`1675`	`+ {`
	`1676`	`+ "name": "oauth.v2.user.access",`
	`1677`	`+ "description": "Exchanges a temporary OAuth verifier code for a user access token.",`
	`1678`	`+ "family": [`
	`1679`	`+ "oauth"`
	`1680`	`+ ]`
	`1681`	`+ },`
`1675`	`1682`	`{`
`1676`	`1683`	`"name": "openid.connect.token",`
`1677`	`1684`	`"description": "Exchanges a temporary OAuth verifier code for an access token for Sign in with Slack.",`