# Production Deployment Checklist
Use this checklist to ensure your Slack MCP server is production-ready.
## Pre-Deployment
### Slack App Configuration
- [ ] Slack app created at api.slack.com/apps
- [ ] All required bot scopes added (minimum: `chat:write`, `channels:history`, `channels:read`)
- [ ] Token rotation enabled (recommended)
- [ ] Redirect URI configured in Slack app settings
- [ ] Redirect URI uses HTTPS (required by Slack for production)
- [ ] Client ID and Client Secret saved securely
### Environment Configuration
- [ ] All required environment variables set:
  - [ ] `SLACK_CLIENT_ID`
  - [ ] `SLACK_CLIENT_SECRET`
  - [ ] `SLACK_REDIRECT_URI`
  - [ ] `SLACK_SCOPES`
  - [ ] `AFFINITYBOTS_MCP_API_KEY`
- [ ] Strong API key generated (32+ characters, random)
- [ ] `ALLOWED_ORIGINS` configured with your frontend domains
- [ ] `PUBLIC_BASE_URL` set to your public HTTPS URL
- [ ] `LOG_LEVEL` set to `info` or `warn` (not `debug`)
- [ ] `.env` file NOT committed to version control
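A fail-fast startup check that turns the environment items above into code, as an added example (it is not part of the project). It assumes the variable names are exactly the ones listed here, that `LOG_LEVEL` must be `info` or `warn`, and that "random" can be approximated by a crude distinct-character heuristic; everything else (the 32-character minimum, the HTTPS requirement) comes from the checklist itself.

```javascript
// Added example, not the project's own code: refuse to start when the
// production environment does not satisfy the checklist.
// Assumed: variable names as listed above; the distinct-character test is a
// rough heuristic for "random", not a substitute for generating the key properly.
const REQUIRED_VARS = [
  "SLACK_CLIENT_ID",
  "SLACK_CLIENT_SECRET",
  "SLACK_REDIRECT_URI",
  "SLACK_SCOPES",
  "AFFINITYBOTS_MCP_API_KEY",
];
const MIN_API_KEY_LENGTH = 32;
const PRODUCTION_LOG_LEVELS = new Set(["info", "warn"]);

function isHttpsUrl(value) {
  try {
    return new URL(value).protocol === "https:";
  } catch {
    return false;
  }
}

// Returns a list of problems; an empty list means the environment is ready.
function validateEnv(env) {
  const problems = [];

  for (const name of REQUIRED_VARS) {
    if (!env[name] || env[name].trim() === "") problems.push(`${name} is missing`);
  }

  const key = env.AFFINITYBOTS_MCP_API_KEY || "";
  if (key && key.length < MIN_API_KEY_LENGTH) {
    problems.push(`AFFINITYBOTS_MCP_API_KEY is shorter than ${MIN_API_KEY_LENGTH} characters`);
  }
  if (key && new Set(key).size < 10) {
    problems.push("AFFINITYBOTS_MCP_API_KEY does not look random");
  }

  // Slack requires an HTTPS redirect URI; the public base URL must be HTTPS too.
  for (const name of ["SLACK_REDIRECT_URI", "PUBLIC_BASE_URL"]) {
    if (env[name] && !isHttpsUrl(env[name])) problems.push(`${name} must be an https:// URL`);
  }
  if (!env.PUBLIC_BASE_URL) problems.push("PUBLIC_BASE_URL is missing");

  if (!env.ALLOWED_ORIGINS) {
    problems.push("ALLOWED_ORIGINS is not set, so CORS has no allowlist");
  }

  if (!PRODUCTION_LOG_LEVELS.has(env.LOG_LEVEL || "")) {
    problems.push("LOG_LEVEL must be info or warn in production");
  }

  return problems;
}

// Call this first thing in the server entry point; the thrown message lists
// every problem at once so the operator fixes them in one pass.
function assertProductionEnv(env = process.env) {
  const problems = validateEnv(env);
  if (problems.length > 0) {
    throw new Error(`Refusing to start:\n - ${problems.join("\n - ")}`);
  }
}
```

Running `assertProductionEnv()` before any listener is bound means a misconfigured container exits immediately and visibly, instead of serving traffic with `LOG_LEVEL=debug` or an `http://` redirect URI.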
### Storage
- [ ] Persistent storage implemented (PostgreSQL, Redis, MongoDB)
- [ ] `InMemoryInstallStore` replaced with persistent implementation
- [ ] Database/Redis connection tested
- [ ] Database migrations run (if applicable)
- [ ] Database backups configured
- [ ] Connection pooling configured appropriately
### Security
- [ ] HTTPS enabled for all endpoints
- [ ] SSL/TLS certificate valid and not expired
- [ ] Reverse proxy configured (nginx, Caddy, etc.)
- [ ] Security headers configured (Helmet.js is included)
- [ ] CORS properly configured with allowlist
- [ ] API key authentication tested
- [ ] Rate limiting configured (at proxy or application level)
- [ ] Request timeouts configured (a 30s default is included)
- [ ] No sensitive data in logs
- [ ] Error messages don't leak internal details
## Deployment
### Server Setup
- [ ] Server/container deployed
- [ ] Health check endpoint `/health` responding
- [ ] Server accessible at configured URL
- [ ] Logs being written and accessible
- [ ] Process manager configured (PM2, systemd, Docker restart policy)
- [ ] Auto-restart on failure enabled
### OAuth Flow
- [ ] `/slack/install` endpoint accessible
- [ ] OAuth flow completes successfully
- [ ] Callback receives authorization code
- [ ] Tokens stored in database
- [ ] Success message displayed to user
- [ ] State validation working (CSRF protection)
### MCP Endpoint
- [ ] `/mcp` endpoint accessible
- [ ] CORS headers present in responses
- [ ] API key authentication working
- [ ] Session creation successful
- [ ] Session expiration working
- [ ] Session pruning running
### Slack Integration
- [ ] Can list channels via `slack_list_channels`
- [ ] Can read messages via `slack_get_channel_history`
- [ ] Can post messages via `slack_post_message`
- [ ] Token refresh working (if rotation enabled)
- [ ] Errors handled gracefully
## Post-Deployment
### Monitoring
- [ ] Health check monitoring configured
- [ ] Uptime monitoring enabled
- [ ] Error tracking configured (e.g., Sentry)
- [ ] Log aggregation configured (e.g., CloudWatch, Datadog)
- [ ] Alerts configured for:
  - [ ] Server downtime
  - [ ] High error rates
  - [ ] OAuth failures
  - [ ] Token refresh failures
  - [ ] Database connection issues
### Performance
- [ ] Response times acceptable (< 500ms for most requests)
- [ ] Memory usage stable
- [ ] CPU usage reasonable
- [ ] Database query performance optimized
- [ ] Connection pooling working efficiently
### Documentation
- [ ] README.md updated with production URLs
- [ ] Team IDs documented for users
- [ ] API key distribution process documented
- [ ] Incident response plan created
- [ ] Runbook created for common issues
### Backup & Recovery
- [ ] Database backups configured
- [ ] Backup restoration tested
- [ ] Disaster recovery plan documented
- [ ] Secrets backed up securely (not in repo)
### Compliance & Legal
- [ ] Privacy policy updated (if collecting user data)
- [ ] Terms of service updated
- [ ] GDPR compliance reviewed (if applicable)
- [ ] Data retention policy defined
- [ ] User data deletion process implemented
## Testing
### Functional Testing
- [ ] OAuth flow tested end-to-end
- [ ] All MCP tools tested with real workspace
- [ ] Error handling tested (invalid tokens, missing permissions, etc.)
- [ ] Token refresh tested (if rotation enabled)
- [ ] Multiple workspace installations tested
- [ ] Session expiration tested
### Security Testing
- [ ] CSRF protection tested (invalid state)
- [ ] API key authentication tested (missing, invalid)
- [ ] CORS tested (allowed and blocked origins)
- [ ] Rate limiting tested (if implemented)
- [ ] SQL injection tested (if using SQL database)
- [ ] XSS tested (if rendering user content)
### Load Testing
- [ ] Concurrent requests tested
- [ ] Multiple sessions tested
- [ ] Database connection pool tested under load
- [ ] Memory leaks checked
- [ ] Session cleanup tested
## Maintenance
### Regular Tasks
- [ ] Monitor logs daily
- [ ] Review error rates weekly
- [ ] Check SSL certificate expiration monthly
- [ ] Update dependencies monthly
- [ ] Review and rotate API keys quarterly
- [ ] Test backup restoration quarterly
- [ ] Review access logs for suspicious activity
### Updates
- [ ] Dependency update process defined
- [ ] Security patch process defined
- [ ] Deployment rollback plan documented
- [ ] Zero-downtime deployment configured (if needed)
## Rollback Plan
In case of issues:
1. [ ] Previous version container/build available
2. [ ] Database migration rollback scripts ready
3. [ ] Rollback procedure documented
4. [ ] Rollback tested in staging environment
## Sign-Off
- [ ] Development team reviewed
- [ ] Security team reviewed (if applicable)
- [ ] Operations team trained
- [ ] Documentation complete
- [ ] Monitoring configured
- [ ] Ready for production traffic
---
## Quick Reference
### Critical Environment Variables
```bash
SLACK_CLIENT_ID=required
SLACK_CLIENT_SECRET=required
SLACK_REDIRECT_URI=required
SLACK_SCOPES=required
AFFINITYBOTS_MCP_API_KEY=required
ALLOWED_ORIGINS=recommended
```
### Health Check
```bash
curl https://yourdomain.com/health
```
### Test OAuth
```bash
# Visit in browser, or open it from the command line:
open https://yourdomain.com/slack/install      # macOS
xdg-open https://yourdomain.com/slack/install  # Linux
```
### Test MCP
```bash
curl -X POST https://yourdomain.com/mcp \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"test","version":"1.0.0"}}}'
```
### View Logs
```bash
# Docker
docker logs slack-mcp-server
# PM2
pm2 logs slack-mcp-server
# Direct
journalctl -u slack-mcp-server -f
```
### Emergency Contacts
- DevOps: [contact info]
- Security: [contact info]
- On-call: [contact info]