Workplace

Request a Workplace Third Party App

All companies that would like to offer SaaS apps to Workplace customers must use Workplace Third Party Apps and pass Workplace's app review and security reviews, as described below.

All Third Party Apps Are Reviewed by Workplace

The Workplace platform supports APIs and webhooks that enable our customers to add SaaS integrations to their Workplace instance via Third Party Integrations. Submitting an App Creation request is the first step in making your product available to Workplace Customers.

All Third Party Integrations must comply with our Platform Terms, pass App Review, and apps that require mid- or high-sensitivity permissions must also pass our Security Review. Selected Third Party Integrations also appear in our Integrations Directory.

If you're a developer building an enterprise productivity tool, and you'd like to integrate with Workplace, we want to hear from you! Request an app today via our support tool, and a member of the Workplace team will get in touch with you to get you up and running.

* App Review is: 1) required before your app can be used by other Workplace customers, then 2) repeated annually in the future

† For apps using mid- or high-sensitivity permissions, Security Review is required: 1) before your app can be used by other Workplace customers, then 2) repeated annually in the future

App Qualification Criteria

Your app request will be reviewed for suitability on the Workplace platform, considering these criteria:

  • Business value of the app
  • Whether the requested app permissions are essential to deliver the planned use case
  • Your company's track record for delivering valuable enterprise collaboration apps
  • If you're requesting mid- or high-sensitivity permissions, your company's security credentials (e.g., SOC or ISO certifications)

Sensitivity of Permissions

Workplace app permissions are divided into three levels of sensitivity, which determine the level of security review required for an app. It is required that developers request the minimum permissions necessary to provide the app's functionality. The presence of one or more of the medium- or high-sensitivity permissions triggers the respective security review of the app for that level.

You can find a full description of each permission in our reference documentation

The Impersonate account permission is unavailable for third party apps

Low Sensitivity Permissions

Apps that use low-sensitivity permissions exclusively are not required to undergo the security review process.

  • Message any member (message)
  • Read user email (read_user_email)
  • Create link previews (link_unfurling)

Medium Sensitivity Permissions

Apps that use any mid- or high-sensitivity permissions must undergo the annual security review process.

  • Mention bot (bot_mention)
  • Manage group content (write_group)
  • Manage groups (manage_group)
  • Manage user timeline (write_user_feed)
  • Read work profile (read_user_work_profile)
  • Read org chart (read_user_org_chart)
  • List group members (list_group_members)
  • Logout (logout)

High Sensitivity Permissions

Apps that use any mid- or high-sensitivity permissions must undergo the annual security review process.

  • Read group content (read_group)
  • Read all messages (read_all_messages)
  • Read user timeline (read_user_feed)
  • Delete chat messages (delete_messages)
  • Read security logs (receive_security_logs)
  • Manage profile (manage_profiles)
  • Provision accounts (manage_accounts)

App Configuration Options

  • White labeling - By default, your app's appearance is set by you when you configure your app metadata. If you choose to allow it, white labeling lets your customers change the appearance of your bot (i.e., its name and icon) within their Workplace instance upon installation
  • Multi Install - By default, a third party app can only be installed once per Workplace instance. While this suits many use cases, there are kinds of integrations (e.g., conversational bot engines) where customers may desire to install multiple instances of your app, which is possible if this option is configured for your app.
  • Allow chat bot to participate in group chats - Pertains only to apps with “Message Any Member” permission — by default, chat bots can interact directly with people via Work Chat in 1:1 threads. Request this configuration if your chat bot needs to be able to create or participate in 1:n threads.

Submit a Request

If you want to offer a SaaS app to other Workplace customers:

  • You must have a Workplace Premium account. If you don't have already have Workplace Account, you can sign up at www.workplace.com. If you have Workplace Standard edition, you will need to upgrade to Workplace Premium.
  • You must be a System Administrator to submit a request. Make sure you are a System Admin by opening the admin panel. If you are not a System Admin you'll need to ask your IT department to grant you this role.
Create App Request