Créer un clavardage d'assistance appuyé par Slack en ColdFusion Partie 4 : Préparer Slack avant d'écrire du code

Tout ce qu'il vous faut avant d'écrire une seule ligne de CFML

One of my biggest pet peeves with integration tutorials is that they all seem to start in the middle. Step one:

cfhttp(...)

Cool. Where did the bot token come from? What channel is that? Why does Slack keep saying channel_not_found? What’s a signing secret? Did I accidentally skip fifteen pages?

Apparently.

By the time most tutorials start showing code, somebody has already clicked seventeen buttons, copied six secrets, enabled three obscure settings, sacrificed a small goat to the OAuth gods, and quietly omitted all of it from the article.

Let’s not do that.

Before we write a single line of ColdFusion, let’s get Slack configured properly. It’ll make every article that follows dramatically simpler.

Create a Slack App

Head over to: https://api.slack.com/apps

Create a new application. Choose "From Scratch." Give it a name. Bonus points if it's got an obscure Monty Python reference. Select the workspace you want to install it into.

If you’re developing locally, create a development workspace. Seriously. Don’t experiment in production. You are absolutely going to break things while you’re learning. It’s much more enjoyable when those things belong to you.

Your Bot Is Your Application

The application itself doesn’t post messages; the bot does. Think of your bot as another member of your team.

It has a name, an icon, it joins channels, it sends messages, it replies in threads... Every message your application sends will come from this bot. Give it a recognizable name.

Future You will eventually be staring at fifty Slack threads wondering which messages came from the application and which came from actual humans.

Please think about Future You. You’ve already put them through enough.

Install the App

Creating the app isn’t enough. Slack requires you to install it into your workspace. Until you do, your shiny new bot is basically unemployed.

After installation you’ll receive your first important secret: your Bot User OAuth Token. It’ll look something like this.

xoxb-...

Treat it like an incredibly important password, because that’s exactly what it is.. Never commit it. Never hardcode it. Never email it. Never put it in a screenshot.

If your bot token leaks, somebody else now has permission to speak as your application.

That can become awkward remarkably quickly.

Give the Bot Permission to Do Its Job

Slack follows the principle of least privilege. Your bot can’t magically do everything. It needs permission.

For this project you’ll need a surprisingly small set of OAuth scopes. At minimum:

  • chat:write
  • channels:history

Depending on your environment you may also need:

  • groups:history
  • im:history
  • mpim:history

Don’t blindly enable every permission because Stack Overflow told you to. Every permission increases the amount of damage a compromised token can do.

Ask for exactly what you need. Nothing more.

Decide on Your Channel Strategy

This is one decision that’s surprisingly important. You have options:

  • One channel per customer.
  • One channel per department.
  • Private channels.
  • Direct messages.
  • A single support channel.

After trying several ideas, I settled on the simplest one: a single support channel and a single Slack thread per customer conversation.

Support Channel

Customer A
└── Thread

Customer B
└── Thread

Customer C
└── Thread

It scales remarkably well. Support staff only need to monitor one place. Conversations stay organized. Searching is easy. Slack’s thread model ends up doing most of the heavy lifting for free.

Never underestimate the value of letting somebody else’s software solve your problem.

Invite the Bot to Your Channel

This catches almost everyone.

Your bot may have permission to write messages. That doesn’t mean it’s actually a member of the channel you want it to send messages to. If Slack returns:

not_in_channel

The API isn’t broken. Your bot simply isn’t there. Inside Slack you need to

/invite @YourBot

Problem solved. I spent considerably longer discovering this than I’m comfortable admitting. Hopefully you won’t.

Understand ts Before It Confuses You

Slack has an unfortunate naming convention. Every message has a timestamp. It’s called ts. The first message in a thread has its own ts. That exact value also becomes the thread identifier.

Replies don’t invent a new thread ID. They simply reference the original message.

Original Message
ts = 1751637712.948372
Replies
thread_ts = 1751637712.948372

That one little value becomes the bridge between Slack and your database. Store it immediately. Don’t try to reconstruct it later.

Databases are much better at remembering things than developers. Especially developers after lunch.

Turn On the Events API

Eventually Slack needs to talk back to your application... that’s where the Events API comes in. Enable it. Slack asks for a Request URL.

At first this feels backwards. You haven’t written the endpoint yet and that’s okay. We’ll build it in the next couple of articles. Just understand that Slack communicates by sending ordinary HTTP requests to your application.

Nothing magical. Nothing proprietary.

Just webhooks.

Slack Will Verify Your Endpoint

The first request Slack sends isn’t a message; it’s a challenge. Slack is basically asking, “Before I start sending you events… are you actually there?”

Your endpoint simply echoes the challenge value back. Once that’s done, Slack is satisfied and after that, the real events begin.

We’ll implement this in ColdFusion later. For now, it’s enough to know why Slack suddenly starts talking to an endpoint that doesn’t exist yet.

Collect Everything You’ll Need

Before writing any code, collect these values.

  • Bot User OAuth Token
  • Signing Secret
  • Channel ID
  • Workspace ID
  • Bot User ID
  • App ID

Put them somewhere secure. Environment variables, a secret manager, an encrypted configuration... Literally anywhere except your source code.

Nothing ruins a Friday quite like discovering your production bot token has been living in GitHub for six months.

Test Slack Before Testing ColdFusion

This is probably the biggest piece of advice in the entire article. Don’t start with ColdFusion. Start with Postman, or Bruno, or curl. Can you successfully call chat.postMessage? Can the bot post into your support channel? Can it reply to an existing thread?

If the answer is no… Stop. Don’t write application code yet. Get Slack working first. When your first line of ColdFusion fails, you should be debugging one system, not two.

Don’t Fear the Slack API

Slack’s documentation can look intimidating.

There are hundreds of endpoints. Thousands of events. Enough permissions to make a government security auditor smile. Ignore almost all of it.

For this project, you’re going to use a tiny fraction of what Slack offers:

  • One endpoint to post messages.
  • One endpoint to receive events.
  • A handful of permissions.
  • A bot.
  • A channel.

That’s really it. It’s surprisingly small once you stop looking at the entire platform.

Next Time

Now that Slack is ready, we can finally write some ColdFusion.

We’ll send our first message using chat.postMessage, create Slack threads automatically, store the thread identifiers in our conversation model, and build the outbound half of our support bridge.

Because finally writing code is considerably more satisfying once you’ve stopped fighting configuration screens.