Skip to main content

Slack Identity Management API

These endpoints manage the link between kenbun team members and their Slack user identities. Identity mapping is required for owner-routed direct messages — when a trigger is configured to notify the lead owner, kenbun uses this mapping to find the right Slack user to DM.

There are three endpoints:

  • GET /integrations/slack/identity-status — visible to any team member; returns the count of mapped members.
  • POST /integrations/slack/sync-identities — admin-only; runs the email-based identity sync.
  • PUT /members/{org_member_id}/slack — admin-only; manually overrides a member's Slack identifier.

All three are scoped to the active Organizational Unit.

GET /integrations/slack/identity-status

Returns how many confirmed members in the active Organizational Unit have a Slack identity mapped. The trigger configuration UI uses this endpoint to display a status pill ("7 of 10 members have Slack mapped") next to the Notify the Lead Owner option.

Authentication

Required: Yes. Bearer token (JWT). Any authenticated member of the active Organizational Unit can call this endpoint — admin role is not required.

Request

Endpoint: GET /integrations/slack/identity-status

Headers:

Accept: application/json

Example:

curl -X GET "https://api.kenbun.io/integrations/slack/identity-status" \
  -H "Authorization: Bearer <token>"

Response

Status: 200 OK

FieldTypeDescription
totalintegerTotal number of confirmed members in the active Organizational Unit.
mappedintegerNumber of those members who have a Slack user identifier on file.

Example Response:

{
  "total": 10,
  "mapped": 7
}

Common Errors

StatusMeaningSolution
400Organization or Organizational Unit not resolvedSet an active Organizational Unit before calling.
401UnauthorizedVerify your bearer token.
500Internal Server ErrorRetry later or contact support.

POST /integrations/slack/sync-identities

Run the identity sync job for the active Organizational Unit. For each confirmed member without a Slack mapping, kenbun looks up the member's email address in the connected Slack workspace and stores the result.

The endpoint blocks until the job completes and returns a summary count of matches, misses, and errors.

Authentication

Required: Yes. Bearer token (JWT). Admin role required.

Request

Endpoint: POST /integrations/slack/sync-identities

Headers:

Content-Type: application/json
Accept: application/json

Body: None.

Example:

curl -X POST "https://api.kenbun.io/integrations/slack/sync-identities" \
  -H "Authorization: Bearer <token>"

Response

Status: 200 OK

FieldTypeDescription
members_totalintegerNumber of members evaluated by the sync (already-mapped members are skipped).
matchedintegerMembers whose email matched a Slack user and were newly mapped during this run.
no_matchintegerMembers whose email did not match any Slack user in the workspace.
errorsintegerMembers where the Slack lookup returned an unexpected error.

Example Response:

{
  "members_total": 8,
  "matched": 6,
  "no_match": 2,
  "errors": 0
}

Common Errors

StatusMeaningSolution
400Organization or Organizational Unit not resolvedSet an active Organizational Unit.
401UnauthorizedVerify your bearer token.
403ForbiddenEndpoint requires admin role.
500Identity sync failedConfirm Slack is connected for this Organizational Unit, then retry.

Notes

  • Members whose Slack identifier is already on file are skipped — running the sync repeatedly is safe and idempotent.
  • Members in other Organizational Units are never touched, even if you are an admin in both.
  • A no_match result usually means the member's kenbun email differs from their Slack workspace email. Resolve those cases with a manual override (see below).

PUT /members/{org_member_id}/slack

Manually set a member's Slack user identifier. Use this when the email-based sync cannot match the member — for example, when their kenbun email and Slack workspace email differ.

Authentication

Required: Yes. Bearer token (JWT). Admin role required.

Request

Endpoint: PUT /members/{org_member_id}/slack

Path Parameters:

ParameterRequiredTypeDescription
org_member_idYesstringThe member's identifier. Available from the Members API.

Headers:

Content-Type: application/json

Request Body:

FieldRequiredTypeDescription
slack_user_idYesstringThe member's Slack user identifier. Must begin with U and contain only uppercase letters and digits (for example, U012AB3CD).

Example Request Body:

{
  "slack_user_id": "U012AB3CD"
}

Example:

curl -X PUT "https://api.kenbun.io/members/mbr_8f2c19d4/slack" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{ "slack_user_id": "U012AB3CD" }'

Response

Status: 204 No Content

The override is saved. Subsequent owner-routed dispatches use the new identifier immediately.

Common Errors

StatusMeaningSolution
400Missing org_member_id or malformed slack_user_idVerify the path parameter and that the body matches the pattern ^U[A-Z0-9]+$.
401UnauthorizedVerify your bearer token.
403ForbiddenEndpoint requires admin role.
404Member not foundConfirm the org_member_id belongs to your organization.
500Internal Server ErrorRetry later or contact support.

Notes

  • Manual overrides survive future identity syncs — the sync job does not overwrite an existing mapping.
  • kenbun enforces tenant isolation: admins in one organization cannot set the Slack identifier for a member in a different organization, even if the org_member_id is known.

Where to Find a Member's Slack User Identifier

In Slack, click your name in the sidebar, choose View profile, then click the three-dot menu on the profile panel and select Copy member ID. The identifier starts with U.