Slack Webhook - Verify Signature

Description This template will help you verify that incoming calls from a Slack webhook actually come from Slack and not some unknown third-party services. It is mainly used to prevent attacks from malicious bots or individuals. This is a Sub-Workflow, so it should be used inside the main workflow that contains the webhook listening for Slack requests.

How to Use What to Edit You should set the Slack Signing Secret that you can find on your Slack App dashboard in the general tab. It should be located under the following URL:

https://api.slack.com/apps/[SLACK_APP_ID]/general

Input The input should be the received Slack request. This workflow should then be placed directly after the Slack Webhook.

Outputs Success Output If the signature was verified successfully, we return a key verified_signature set to true along with data from the Slack request itself.

Error Output When the signature could not be verified, we raise an error. You can handle this case in your main workflow by using an Error Workflow or by changing your node settings and choosing some actions in case of an error.

Changelog Version 1.0.1 (2023-12-11) Changed replace by replaceAll in JS code in case of several arguments. Added some custom replacements that encodeURIComponent does not take into account