I am trying to write a script to delete old files from my Slack workspace.
Following the Slack API docs, I created an app, gave it the channels:join, channels:manage, channels:read, files:read, and files:write scopes, and installed it in the target workspace.
My app can list channels, join a channel, and list files in that channel, but whenever I try to delete a file, I get a response that looks like this:
DELETE https://slack.com/api/files.delete?token=xoxb-xxxxxxxxxxxx-xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxx&file=Fxxxxxxxxxx
User-Agent: PostmanRuntime/7.24.1
Accept: */*
Cache-Control: no-cache
Postman-Token: 8f6854b4-794c-4685-892c-c9fafc03827e
Host: slack.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
HTTP/1.1 200 OK
date: Sat, 09 Jan 2021 19:23:28 GMT
server: Apache
x-xss-protection: 0
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-slack-req-id: 227ef4f9bb4c85c42d6f1c7fb33ddac0
x-content-type-options: nosniff
referrer-policy: no-referrer
access-control-expose-headers: x-slack-req-id, retry-after
x-slack-backend: r
x-oauth-scopes: files:read,files:write,users:read,channels:read,channels:join,channels:manage,remote_files:write
x-accepted-oauth-scopes: files:write
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-headers: slack-route, x-slack-version-ts, x-b3-traceid, x-b3-spanid, x-b3-parentspanid, x-b3-sampled, x-b3-flags
vary: Accept-Encoding
content-encoding: gzip
content-length: 59
content-type: application/json; charset=utf-8
x-envoy-upstream-service-time: 26
x-backend: files_normal files_canary_with_overflow files_control_with_overflow
x-server: 10.128.70.109:80
x-via: envoy-www-iad-kyvf, haproxy-edge-iad-2ql3
x-slack-shared-secret-outcome: shared-secret
via: envoy-www-iad-kyvf
{
"ok": false,
"error": "cant_delete_file"
}
According to the API docs for the files.delete endpoint, cant_delete_file means:
Authenticated user does not have permission to delete this file.
I can only assume that this is because my user is a bot, and is not the user who originally uploaded the file.
Because I am the workspace admin, I expect that I would be able to list and delete all files if I were to authenticate with my user credentials, but the Basic App Setup docs don't say how to authenticate with user credentials, even though they contain language suggesting that some actions may require a User Token:
If you need to act as a specific user (for example, posting messages on behalf of a user, or setting a user's status), you'll need a User Token.
Is anybody aware of how to either:
Although it isn't clearly documented, App Tokens are not allowed to delete files that were uploaded by other users.
In order to do this, the App needs to be installed into the workspace via OAuth, granting the app a User Token that inherits the permissions of the user who installed it.
If that user is the workspace administrator, the app will be able to delete any file, regardless of who uploaded it. See https://api.slack.com/legacy/oauth for details