Skip to main content
The Slack integration is a 3-tier hybrid: an MCP-based v1 lookup, an opt-in event-stream ingestion, and an enterprise-tier Events API tap. Most teams will run on the v1 + opt-in path. This page covers the routes that wire those tiers.

OAuth

Start the OAuth flow: 
curl -X GET https://app.dacard.ai/api/integrations/slack/oauth-start \
  -H "Authorization: Bearer $DACARD_API_KEY"
Returns a 302 to Slack’s consent screen. Slack redirects back to: 
GET /api/integrations/slack/oauth-callback?code=...&state=...
PropertyValue
Auth (start)Required
Auth (callback)None (state token is the binding)

Subscribe to channels

curl -X POST https://app.dacard.ai/api/integrations/slack/subscribe \
  -H "Authorization: Bearer $DACARD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "channelIds": ["C12345", "C67890"] }'
Subscribes the integration to events from the listed channels. Used by the rail’s “What’s cooking” feed and Slack-source tribal note ingestion.

Unsubscribe

curl -X POST https://app.dacard.ai/api/integrations/slack/unsubscribe \
  -H "Authorization: Bearer $DACARD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "channelIds": ["C12345"] }'

Receive events (Slack to Dacard)

POST /api/integrations/slack/events
Content-Type: application/json
x-slack-signature: <signature>
x-slack-request-timestamp: <ts>
The events route validates Slack’s signing secret. Used for URL verification and event ingestion. Public route; signature is the only auth.

Revoke

curl -X POST https://app.dacard.ai/api/integrations/slack/revoke \
  -H "Authorization: Bearer $DACARD_API_KEY"
Revokes the OAuth token at Slack and deletes the integration record.

Opt-out a workspace

curl -X POST https://app.dacard.ai/api/settings/slack/optout \
  -H "Authorization: Bearer $DACARD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "workspaceId": "T12345" }'

Redact a message

curl -X POST https://app.dacard.ai/api/settings/slack/redact-message \
  -H "Authorization: Bearer $DACARD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "channelId": "C12345", "ts": "1714680000.000100" }'
Redacts a previously ingested Slack message. The message body is overwritten with a tombstone; the source row is preserved for audit.

Errors

All Slack routes can return:
StatusCodeWhen
401AUTH_REQUIRED / Invalid Slack signatureAuth or signature failure.
404Slack not connectedNo integration record.
500INTERNAL_ERRORWrite or Slack API call failed.
The webhook test endpoint at POST /api/integrations/slack-webhook/test lets you fire a sample event against your subscribed channels for QA.