# Slack Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Slack Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/slack page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/slack.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/slack.adoc # Beta release status page-beta: "true" description: Let agents read threads, post messages, and add reactions in your Slack workspace using a shared bot token or each end-user's own Slack identity through user-delegated OAuth. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the Slack managed MCP server with user-delegated OAuth learning-objective-2: Walk through the consent flow and verify the connection on the Connections page learning-objective-3: Send a test message through the Inspector page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The **Slack** managed MCP server is the canonical user-delegated OAuth example for Redpanda ADP. Each agent caller authenticates against Slack with their own credentials, and Redpanda injects their token at call time: so messages posted by the agent appear as the user, not as a shared bot. After reading this page, you will be able to: - Configure the Slack managed MCP server with user-delegated OAuth - Walk through the consent flow and verify the connection on the Connections page - Send a test message through the Inspector ## [](#what-this-mcp-server-does)What this MCP server does The Slack managed type exposes the following tools: - `read_thread`: Read all messages in a thread, given a channel ID and thread timestamp. - `post`: Send a message to a channel, optionally as a threaded reply, using plain text or Block Kit blocks. - `react`: Add or remove an emoji reaction on a message. ## [](#prerequisites)Prerequisites Before you create the server, make sure you have: - A Slack workspace where you can install or authorize an OAuth app. - A Slack OAuth app registered (your own or a Redpanda-published reference app). - An [OAuth Provider](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-provider) configured in ADP under **OAuth Providers**, pointing at Slack’s authorize/token URLs and carrying the OAuth app’s client credentials. See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/). - Familiarity with [Configure User-Delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/). ## [](#configure)Configure Create a new Slack MCP server in ADP: 1. Open **MCP Servers > Create Server**. 2. Pick **Slack** from the marketplace picker. 3. Fill in the identity fields (`name`, `description`). 4. In the Slack configuration form: - `Auth`: Choose a `Bot token` (a shared `xoxb-` token from the secret store) or `User-delegated OAuth` (per-user identity). - For `User-delegated OAuth`: Pick the Slack OAuth Provider you configured and set `Required scopes` for the tools you use (see [Authentication scopes](#authentication-scopes)). - `Post options` (optional): Toggle markdown formatting, link unfurling, media unfurling, and automatic link names. - `Reaction options` (optional): Maximum concurrent reaction calls. Defaults to 64. 5. Click **Create**. There’s no workspace field: the bot token or the user’s OAuth grant determines the workspace. ## [](#test-the-consent-flow)Test the consent flow After creating the server, run a tool that requires Slack authentication to verify the consent flow end-to-end: 1. Open the **Inspector** tab. 2. Run a tool that requires the user’s identity, for example `post`. 3. The first call returns `OAuthConnectionRequired` with a Slack `authorize_url`. The Inspector surfaces it as a consent prompt. 4. Click **Authorize**. You’re redirected to Slack; pick the workspace and approve the requested scopes. 5. Slack redirects back to ADP. Your connection now appears under **Connections**. 6. Re-run the original tool call. The message posts to Slack as your user. ## [](#authentication-scopes)Authentication scopes When you use user-delegated OAuth, the tools need Slack scopes that match what they do: - `post` needs `chat:write`. To post in channels the user isn’t a member of, add `chat:write.public`. - `read_thread` needs a history scope for the channel type, for example `channels:history` (public) or `groups:history` (private). - `react` needs `reactions:write`. Other gotchas: - `chat:write` is a _user_ scope; `chat:write.public` is separate. - Tokens are workspace-scoped: the same user authorizing twice across two workspaces produces two separate connections. ## [](#use-with-agents)Use with agents Once the server is created and at least one user has consented, you can point an agent at the **API URL** on the server’s detail page. Each user calling the agent will trigger their own consent flow if they haven’t connected yet. ## [](#troubleshooting)Troubleshooting Common symptoms and fixes: | Symptom | What to check | | --- | --- | | OAuthConnectionRequired even after consent | The token might be revoked or expired with no refresh. Check Connections; remove and re-add if needed. | | scope_upgrade_required | The server’s required scopes were widened after the user consented. The user re-consents to grant the new scope. | | "channel not found" on a channel the user can see in Slack | Reading a private channel’s thread needs the groups:history scope. Add it to the server’s required scopes and have users re-consent. | | invalid_auth from Slack | The OAuth Provider’s client credentials are wrong, or the OAuth app has been suspended in Slack. Check the provider config. | ## [](#limitations)Limitations This page does not cover: - **Configuring the Slack OAuth app**: Slack-side configuration (creating the app, picking redirect URIs, choosing scopes) happens in api.slack.com, not in ADP. - **Listing channels and looking up users**: Not exposed as tools. The server reads threads, posts messages, and adds reactions.