Example Tools using Outbound Apps
Here are examples of how backend services can use Descope Outbound Apps to retrieve user-specific tokens for third-party platforms like Salesforce, HubSpot, and Google Calendar.
Each example assumes the user has already connected via the outbound app connect flow, either using the Frontend SDKs or Descope Flows.
Fetching Outbound App Tokens
To use tokens from your backend, you'll need to fetch them using the Descope Management API. Below are examples in different languages:
Node.js / JavaScript
Python
🔗 Salesforce Opportunities Tool
Use Descope Outbound Apps to fetch Salesforce access tokens, then query opportunities from the Salesforce API.
📅 Google Calendar Events Tool
Fetch a user's calendar events with Descope-managed tokens:
📇 HubSpot Contacts Tool (Python Example)
Use the Outbound App token to get CRM contact records from HubSpot:
🛠️ Slack Bot + User Token Example
Use Descope Outbound Apps to fetch both Slack bot and user tokens to build bots that can also perform user-authorized actions:
What You Receive from Descope
When you call:
Descope will return:
- accessToken: Slack Bot User OAuth token, scoped to the bot-level permissions you requested (e.g., chat:write).
- userToken: Slack User OAuth token, scoped to the user-level permissions you requested (e.g., channels:history).
- scopes / userScopes: Reflect the scopes granted during the outbound app OAuth exchange.
- refreshToken: Present only if your Slack app and Descope outbound app are configured for refresh tokens.
- expiresAt: Unix timestamp for expiry, based on Slack’s token behavior.
- provider: Always "slack" for clarity.
Example: Posting message as the bot, Reading User Channels
With this flow, you can easily combine bot functionality (posting messages, responding to events) with user-authorized actions (fetching channels, reading conversations, posting as user with additional scopes) within your Slack-integrated flows using Descope Outbound Apps.
Important Notes
- Store your Management Key securely - it has admin permissions to your Descope project
- Use environment variables to manage your Project ID and Management Key
- Token requests should only occur server-side, never in client code
- Set appropriate scopes when requesting tokens for better security
Coming soon: More examples for platforms like Slack, Notion, Zoom, and GitHub!