Mattermost Logo
We're hiring!
Edit on GitHub

Using Mattermost APIs with Apps

Note: OAuth2 is not yet implemented, for now session tokens are passed in as ActingUserAccessToken

An app authenticates its requests to Mattermost by providing access tokens, usually Bot Access token, or user’s OAuth2 access token. Each call request sent to the app includes Mattermost site URL, and optionally one or more access tokens the app can use.

What tokens the app gets, and what access the app may have with them depends on the combination of App granted permissions, the tokens requested in call.Expand, and their respective access rights.

See here to learn more about the available permissions

Apps subscriptions API 

Subscribe and Unsubscribe APIs are invocable with Bot, User, or Admin tokens, however they may fail if the token lacks access to the resource. For instance, the app’s Bot account needs to be invited to the channel before the app can subscribe to the events in the channel as the Bot. appsclient.Client exposes a Subscribe and Unsubscribe method. To learn more about about the Subscription data structure please see the godoc page.

Apps KV Store API 

The go driver appsclient.Client support method for KV Get/Set/Delete.

The KV APIs require the use of the Bot Account Token, and will fail if a user token is provided.

Mattermost REST API 

appsclient.Client does includes the model.Client4 Mattermost REST API client, pre-initialized with the auth token.