This template will help you verify that incoming calls from a Slack webhook actually come from Slack and not some unknown third-party services.
It is mainly used to prevent attacks from malicious bots or individuals. This is a Sub-Workflow, so it should be used inside the main workflow that contains the webhook listening for Slack requests.
You should set the Slack Signing Secret that you can find on your Slack App dashboard in the general tab. It should be located under the following URL:
https://api.slack.com/apps/[SLACK_APP_ID]/general
The input should be the received Slack request. This workflow should then be placed directly after the Slack Webhook.
If the signature was verified successfully, we return a key verified_signature set to true along with data from the Slack request itself.
When the signature could not be verified, we raise an error. You can handle this case in your main workflow by using an Error Workflow or by changing your node settings and choosing some actions in case of an error.
replace by replaceAll in JS code in case of several arguments.encodeURIComponent does not take into account