Slack Integration
Tap can deliver campaign invitations through Slack direct messages as an alternative to email. When a campaign uses Slack as its delivery channel, participants receive a DM in their workspace with a link to the feedback conversation.
How It Works
An organization admin installs the Tap Slack app in their workspace via OAuth. Once installed, campaigns can be configured to use Slack as the delivery channel instead of email. When the campaign launches, Tap sends personalized DMs to each participant with their unique feedback link.
The flow below shows how the OAuth installation and message delivery work end-to-end.
Color key: This is a sequence diagram showing the time-ordered interaction between Admin, Tap Backend, Slack API, and Participant.
OAuth Flow
The Slack integration uses OAuth 2.0 for workspace installation:
- Admin initiates -- Clicks "Connect Slack" in organization settings
- Slack authorization -- Admin is redirected to Slack's OAuth consent screen
- Token exchange -- Tap backend receives the authorization code and exchanges it for an access token
- Installation stored -- The workspace's bot token and team info are saved for future use
The integration uses Slack's Bolt framework for app initialization and event handling.
Message Delivery
Campaign invitations are sent as background jobs to handle large participant lists without blocking the API:
| Component | Purpose |
|---|---|
| Invitation jobs | Each participant gets a queued job for delivery |
| SlackQueue rate limiter | Throttles API calls to stay within Slack's rate limits |
| Retry logic | Failed deliveries are retried with backoff |
| Status tracking | Each participant's delivery status is tracked in the database |
Event Handling
When participants interact with messages in Slack, the Tap backend processes events through a message handling pipeline:
- Event received -- Slack sends an event to Tap's webhook endpoint
- Event validated -- Signature verification ensures the event is from Slack
- Action processed -- The backend routes the event to the appropriate handler
- Response sent -- Acknowledgment returned to Slack within 3 seconds (Slack's requirement)
Rate Limiting
The Slack integration uses a dedicated slackQueue rate limiter to prevent hitting Slack's API limits. This is separate from the email rate limiter and is configured for Slack's specific throughput constraints.
Security
| Concern | How It's Handled |
|---|---|
| Token storage | OAuth tokens are stored securely, scoped to the installing workspace |
| Event verification | All incoming webhooks are validated using Slack's signing secret |
| Scope minimization | The app requests only the permissions it needs (DM sending, user lookup) |
| Data isolation | Each workspace installation is tied to a specific Tap organization |