What are Slack apps and how do they work?
A Slack app is a program that extends your workspace — posting messages, responding to commands, or connecting Slack to another service. Unlike a Telegram bot, a Slack app is governed by a permission system called scopes, and it is installed through OAuth. Here is what that means in practice.
Installing an app: OAuth and scopes
When you add a Slack app, Slack shows you exactly what it is asking for: a list of scopes such as "view channels" or "send messages". You approve them, and Slack issues the app a token limited to those scopes. An app can never do more than the scopes you granted, which is why the install screen is worth reading.
Bot tokens versus user tokens
Slack apps use two kinds of token. A bot token acts as the app itself — it posts as the app and sees only what the app was invited to. A user token acts on behalf of a specific person and can see what that person can see. Well-behaved apps prefer bot tokens and ask for user scopes only when they truly need them.
How apps receive messages
Rather than constantly polling, Slack apps subscribe to the Events API. Slack sends an HTTPS request to the app each time something it cares about happens — a new message, a reaction, a channel join. The app verifies the request came from Slack, then acts on it.
Least privilege matters
The safest apps ask for the narrowest set of scopes that gets the job done. If a tool that only needs to read your channel list asks for permission to read every message and file, that is a red flag. Scopes are the clearest signal of what an app can actually touch.
How Crosswire uses a Slack app
Crosswire installs a lightweight Slack app scoped to what a bridge needs: seeing your channel list and relaying messages for the channels you connect. You sign in with Slack, approve the scopes, and pair a Telegram group. Nothing wider is requested, and you can remove the app from Slack whenever you like.