Note: OAuth2 is not yet implemented, for now session tokens are passed in as ActingUserAccessToken
An app authenticates its requests to Mattermost by providing access tokens, usually Bot Access token, or user’s OAuth2 access token. Each call request sent to the app includes Mattermost site URL, and optionally one or more access tokens the app can use.
What tokens the app gets, and what access the app may have with them depends on the combination of App granted permissions, the tokens requested in call.Expand, and their respective access rights.
See here to learn more about the available permissions
Subscribe and Unsubscribe APIs are invocable with Bot, User, or Admin tokens, however they may fail if the token lacks access to the resource. For instance, the app’s Bot account needs to be invited to the channel before the app can subscribe to the events in the channel as the Bot. appsclient.Client exposes a Subscribe and Unsubscribe method. To learn more about about the Subscription data structure please see the godoc page.
The go driver appsclient.Client support method for KV Get/Set/Delete.
The KV APIs require the use of the Bot Account Token, and will fail if a user token is provided.
appsclient.Client does includes the model.Client4 Mattermost REST API client, pre-initialized with the auth token.