Slack Webhook - Verify Signature
Last edited 38 days ago
Description
This template will help you verify that incoming calls from a Slack webhook actually come from Slack and not some unknown third-party services. It is mainly used to prevent attacks from malicious bots or individuals. This is a Sub-Workflow, so it should be used inside the main workflow that contains the webhook listening for Slack requests.
How to Use
What to Edit
You should set the Slack Signing Secret that you can find on your Slack App dashboard in the general tab. It should be located under the following URL:
https://api.slack.com/apps/[SLACK_APP_ID]/general
Input
The input should be the received Slack request. This workflow should then be placed directly after the Slack Webhook.
Outputs
Success Output
If the signature was verified successfully, we return a key verified_signature set to true along with data from the Slack request itself.
Error Output
When the signature could not be verified, we raise an error. You can handle this case in your main workflow by using an Error Workflow or by changing your node settings and choosing some actions in case of an error.
Changelog
Version 1.0.1 (2023-12-11)
- Changed
replacebyreplaceAllin JS code in case of several arguments. - Added some custom replacements that
encodeURIComponentdoes not take into account
You may also like
New to n8n?
Need help building new n8n workflows? Process automation for you or your company will save you time and money, and it's completely free!
