What is the Slack Marketplace?
The Slack Marketplace is where you can go to find apps that integrate the tools you already know and love into Slack. All apps available in the Slack Marketplace have been reviewed and approved by the Slack Marketplace team. If you are looking to use an app built by a third-party developer we strongly recommend using one that has been approved for listing in the Slack Marketplace. Please exercise caution when using any third-party app that has not been approved for the Slack Marketplace.
What does Slack review when a new app is submitted to the Slack Marketplace?
All apps that submit for listing in the Slack Marketplace undergo a review by the Slack Marketplace team to check compliance with our guidelines and policies. During the review, our team:
- Reviews the app’s use case is suitable for the Slack Marketplace
- Reviews listing information, accompanying documentation and links to related pages to make sure they are accurate/work.
- Installs the app and tests functionality to ensure the app functions as described and provides a good user experience.
- Tests an app’s endpoints for TLS and request signing verification (used by apps to validate requests they receive are coming from Slack).
- Reviews the data access requested is only what is required for the app to function.
Please note: while we do our best to ensure the security of our platform, we only perform a moment-in-time review and don’t conduct a code review.
What happens once an app is approved for the Slack Marketplace?
Once an app is approved for listing and published to the Slack Marketplace, the app’s configuration (e.g. scopes, endpoints, listing data) is not updatable by a developer without them resubmitting to the Slack Marketplace team and having the changes reviewed and tested. Only after a review is complete and the changes approved are they then applied to the published app. In addition to reviewing changes, we also run regular audits to ensure that apps remain compliant with our requirements and guidelines.
In some instances, additional testing, including penetration testing, is performed at Slack’s discretion. Reports from that testing are only shared with the developer of the app.
Where can I find information about an app’s security and privacy practices?
Every app that is approved for the Slack Marketplace provides security & compliance information available in the ‘Security & compliance’ tab on their app listing. This information covers things like policies relating to data handling, certifications held, as well as how to report security issues. Developers submit this information as part of their app review and self-certify that it is accurate and truthful.
While this information is helpful for getting a sense of an app/service’s security posture and how it aligns with yours, we always recommend getting in touch with the developers directly should you want to find out more. You can find their contact information on their Slack Marketplace listing page.
How can I best manage apps used in my workspace?
Slack provides several tools to help you manage your company’s usage of apps. You can find out more here.
One last thing
Please note that the review is a snapshot in time of the app functionality. If you encounter any apps listed in the Slack Marketplace that are not functioning as expected or which may be breaking our terms of service, please contact us at feedback@slack.com.