Slack APIs You Should Use for Compliance and eDiscovery

It goes without saying that Slack is a trailblazer in modern workplace communication. With their most recent IPO and 10 million daily users and counting, the platform has scaled at a remarkable pace. As more companies begin to use Slack as a primary means of communication, more business records and sensitive information live in its platform. From a productivity standpoint, this is great news. But from a legal compliance standpoint? Slack users have entered uncharted territory.

Luckily, Slack has an incredible set of APIs to access data and make compliance and eDiscovery easy. But if you’re asking yourself, “Which ones should I use to best suit my needs?”, you’ve come to the right place! Thanks to our strong partnership with Slack, we’ve learned which APIs can help make eDiscovery for Slack painless. In this article, we’ll share our findings with you.

What makes data from Slack different, anyway?

Think about everything that makes Slack so great to use: images, gifs, video, audio, attachments, links, emojis, threads, channels, the ability to edit and delete messages, and more. There’s a lot of dynamic electronically stored information (ESI) there. The more dynamic the ESI, the more complex the data processing, culling, and export will be. This ultimately means that unless you have a proper search, collection, and processing method in place, the Slack data will be almost incomprehensible for the legal teams responsible for reviewing it. To give you an idea, it’ll look a little something like this:

*Cue JSON file*


Working with this data will have legal review teams scratching their heads. Not only will you waste time due to inconsistent and illogical rendering, but you’ll also run the risk of acquiring huge services and attorney costs. It sounds nerve-wracking, but fear not — Slack’s APIs are here to save the day.

So, which is the best API to retrieve information from Slack?

The short answer is that it depends. Every litigation is different, so the type of information you need to collect may vary. Evaluate what your needs are as you read through these options.

1. Discovery API

When it comes to large-scale eDiscovery and compliance cases, Slack’s Discovery API is your best bet. This API can integrate with Slack Enterprise Grid, and its scope of access is very extensive. The Discovery API gives you access to all resources in multiple workspaces within your Enterprise account — all while using a single access token. You can also access resources that have been shared among those workspaces. To retrieve a single access token, you’ll need to be authorized with Slack’s OAuth Exchange.

But when it comes to exporting the data… you’ll want to enlist an eDiscovery or data loss prevention (DLP) vendor. Why? The data exported via the Discovery API comes in a JSON format. Not only is the JSON format extremely complex (as mentioned before), but it also makes narrowing down the information you need nearly impossible. eDiscovery and DLP vendors will be able to save you time and money in this arena.

As Slack’s eDiscovery partner, we’ve seen firsthand how deeper connections with Slack can expand problem-solving ability and make for more seamless collections. To give you some tangible evidence, just look at the difference our platform makes on that puzzling JSON file:

Now we’re talkin’!

Bottom line: Use Slack’s Discovery API to search for specific information in its highly trafficked and expansive data set. And whatever you do, don’t get stuck without a third-party eDiscovery or DLP partner! Based on our findings, it can cost an average of $15,000 per custodian before counting review costs.

2. Audit Logs API

With Slack’s Audit Logs API, organization owners can query user actions and continuously audit Enterprise workspaces to spot suspicious activity. This API is ideal for continuous compliance purposes, as it allows you to proactively monitor for security issues and malicious access attempts. You also have the ability to consistently feed Slack access data into a third-party auditing tool. When combined with an eDiscovery application, this can drastically reduce the data set and enhance the value of a collection. Like the Discovery API, you’ll need to be authorized through Slack’s OAuth Exchange.

It’s important to note – the Audit Logs API is read-only. The events themselves will only show actions that happen within a workspace, but they won’t reveal the actual content. To reveal the content of channels and multi-party messages, the Discovery API will need to be enabled.
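To make the metadata-only point concrete, here is an added example (not Slack's or the author's code) that flattens audit entries into SIEM-friendly records and flags users with a burst of `file_downloaded` events, returning a user and time window that can be used to scope a later content collection. The entries are constructed and assumed to follow the `id` / `date_create` / `action` / `actor` / `context` shape of audit log entries; the function names and the threshold and window values are hypothetical choices for illustration.

```python
from collections import defaultdict

T0 = 1_700_000_000  # constructed base timestamp (epoch seconds)

def _entry(n, offset, action, uid):
    """Constructed entry, trimmed to the metadata fields used below."""
    return {"id": f"evt-{n}", "date_create": T0 + offset, "action": action,
            "actor": {"type": "user", "user": {"id": uid}},
            "context": {"ip_address": "198.51.100.7",
                        "location": {"type": "workspace", "id": "T0001"}}}

# Constructed sample: W001 downloads four files in three minutes,
# W002 downloads three files spread over two hours.
SAMPLE = ([_entry(0, 0, "user_login", "W001")]
          + [_entry(i, 60 * i, "file_downloaded", "W001") for i in range(1, 5)]
          + [_entry(10 + i, 3600 * i, "file_downloaded", "W002") for i in range(3)])

def flatten(entry):
    """Reduce one audit entry to flat fields for a SIEM or review tool."""
    user = entry.get("actor", {}).get("user", {})
    ctx = entry.get("context", {})
    return {"event_id": entry["id"], "ts": entry["date_create"],
            "action": entry["action"], "user_id": user.get("id"),
            "ip": ctx.get("ip_address"),
            "workspace": ctx.get("location", {}).get("id")}

def bulk_download_windows(entries, threshold=3, window=600):
    """Map user_id -> (first_ts, last_ts) for users with at least `threshold`
    file_downloaded events inside any `window`-second span."""
    by_user = defaultdict(list)
    for rec in map(flatten, entries):
        if rec["action"] == "file_downloaded" and rec["user_id"]:
            by_user[rec["user_id"]].append(rec["ts"])
    hits = {}
    for uid, stamps in by_user.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                lo, hi = hits.get(uid, (stamps[start], ts))
                hits[uid] = (min(lo, stamps[start]), max(hi, ts))
    return hits

if __name__ == "__main__":
    print(bulk_download_windows(SAMPLE))
```

The output names who acted and when, but says nothing about what the files contained; that still requires a content source such as the Discovery API.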

Bottom line: The Audit Logs API offers valuable information for eDiscovery, security, and compliance purposes. Teams that use eDiscovery or SIEM applications will get the most out of this API.

With a strong understanding of your Slack plan and the capabilities of these APIs, collecting the information your organization needs from Slack will be easier than you think. Remember to consult a legal professional or an eDiscovery software provider who understands the technicalities of Slack. They should help you understand your needs and use them as a roadmap to success.

Want to learn more about how Onna streamlines eDiscovery for Slack? Check out our Beginner’s Guide to Slack eDiscovery.