07 Sep 2021 - Alex Freas
If you’re like me, you want to build a super amazing tool that integrates seamlessly with Slack. Like it or not, Slack is a huge part of our daily work! Slack apps are really gaining momentum in their popularity, and this is a perfect time to get in near the ground floor with Slack apps. Their App Directory is still relatively new, and Slack’s user base keeps expanding by leaps and bounds every year.
I will share here the experience I had submitting my app, Truffle, to the Slack App Directory, along with some pain points and where it could have gone smoother.
Think of the Slack App Directory as the Play Store for Android or App Store for iOS. Apple and Google want to deliver a certain level of quality and consistency to their users, so they provide a distribution mechanism that they alone control. For better or for worse, they control the pipeline of apps that reach their users and interact with their flagship products. Slack is no different.
It is certainly possible to build a Slack app and distribute it without having to submit to the App Directory. Slack even provides a way to do this by providing you with “Add to Slack” buttons and links while you are developing your app. Any workspace can install your app by clicking these links. However, when users try to add your app to their workspace, they will be shown a message that will probably cause some friction.
The yellow banner at the top is definitely a no-go for many Slack admins, who will likely be the people you will need to convince to install your app. I experienced this when doing interviews with potential users and customers for Truffle: they knew their admin would not approve something that showed this warning.
What Slack requires is a level of security and transparency that exists to protect the organizations using Slack. Because Slack is such a key tool in organizations’ toolchains, it’s essential that only apps that pass this bar are allowed into the Directory.
From the start of your submission process, it’s important to keep in mind that what Slack is looking for is a high quality experience and secure environment for their users. It should be mentioned, as well, that a real human or several humans will actually install your app and use it, so it’s very important you double check everything before pressing the button. More than that, you should really keep in mind that the content of your submission will be read by workspace admins and security folks at organizations, so the content you provide should be clear for that audience.
First, you will need to provide some basic information about your app. Make sure the name is appropriate, don’t try to stuff keywords in there in order to help you rank higher. I have not seen any app in the Directory that uses this tactic, and it’s just tacky anyway. You can add keywords for discoverability in the “Short description” field.
The Display Information for Truffle
What you will also want to do is add a long description of your app. A small tip that I only learned after I submitted Truffle was that this section supports Markdown! You can add a bit of flair here to make your description stand out and be more readable.
Markdown is supported!
Slack wants to make sure that you are requesting only the exact permissions you need for your app to work, and that you have provided an adequate description of why you have requested those scopes. If you’ve already developed your app, you are probably quite familiar with what those permissions can do. While you are developing, you may have added some permissions that you don’t need or that are too broad for your app’s functionality, so it’s important that you go back and audit each permission you are requesting in order to ensure that you absolutely need it.
For example, when I made the initial submission for Truffle, I included the
users:read.email scope. During review, the Slack reviewers asked if this scope was necessary, as it was only granted for apps that created an account outside of the Slack app for users to manage their data. This was not the case with Truffle, so I was told I needed to only ask for the
users:read scope instead. The only difference between these two scopes is that your app will not have permission to view users’ email addresses when requesting their profile via the API.
Each permission will require you to provide an explanation of why this permission is necessary.
Even with the limited scopes that your app will require, your app will probably be able to do a lot inside a Slack workspace, making it quite powerful. It’s important that you clearly explain and provide links to your security policies, data warehousing policies, and data removal policies, so that admins of a workspace can feel that their organization’s chats and shared information will be safe.
There are a lot of fields in this part of the submission, and though many of them are not required, I recommend providing as much information as you can in order to boost confidence with your potential users. Something else I recommend is to provide links to your website that elaborate further on the policy in question, e.g. your privacy or data storage policy.
Each time you change something with your Slack app, no matter how small, it must be re-reviewed. This applies to the Display Information section in the Basic Information tab of the submission, as well. Keep in mind that your app may be immediately placed in the “New and Noteworthy” section of the App Directory after it is approved, which could give you a lot of initial exposure. If you realize you made a mistake in your approved app and decide to resubmit, you will likely lose this spot and therefore the free exposure you gain. So it’s super important to get everything as right as you can the first time! Triple check everything, twice!
When you press the button to submit, you will be entered in the queue for your app to be reviewed. Slack says that this can take anywhere between 4–6 weeks depending on how busy they are, which is a long time. If you have to modify anything about your submission during this time, you’ll go to the end of the queue.
Truffle did not take nearly this long to be reviewed. I submitted on April 12th and the review began on April 24th.
When the review began, I got an email from an actual Slack employee saying that they had begun the review and would leave notes if there was anything that needed clearing up. The first snag I hit in the review process was the permissions issue I mentioned above, where I needed to ask for a more limited OAuth scope that didn’t show the email in the user’s profile.
When the review continued, they thoroughly tested the functionality of Truffle, making sure that the features worked as advertised in the app description and on the website. They installed Truffle into a test workspace and tried asking it questions. Then, on May 5th, after a bit more back and forth about the functionality, I was given a link to push Truffle live into the App Directory, which I could do at a time of my choosing. All told, the submission took a little over three weeks to complete.
Since anything you change about your submission requires a new review, it will take some time to get these changes live in the App Directory, but it won’t take as long as the initial review. I submitted some copy changes over the following few months and the review was complete within a few days. If you add OAuth scopes, this review will take longer.
Truffle is now in the Slack App Directory, and I can definitely confirm that the whole ordeal was worth it. Users can now discover Truffle inside Slack, find out more information about its security and privacy, and they can go to their workspace admins with an app that has been vetted by Slack themselves.
If you’re trying to boost installs of your app, I think this is a very important step in achieving that goal. It can be a hassle, but in the end it’s worth the effort for the added exposure and peace of mind for Slack admins.