Overview
This node verifies the authenticity of incoming Slack requests by validating their signatures. It is designed to ensure that requests claiming to be from Slack are genuine and have not been tampered with during transmission. This verification is crucial for security when building integrations or workflows that respond to Slack events or commands.
Common scenarios where this node is beneficial include:
- Validating webhook requests from Slack before processing them.
- Securing Slack slash commands or interactive components by confirming request integrity.
- Preventing replay attacks by checking the timestamp included in the request headers.
For example, when a Slack app receives an event via a webhook, this node can be used to verify the signature using the Slack signing secret before any further processing occurs.
Properties
| Name | Meaning |
|---|---|
| Slack Signature | The signature from the Slack request header x-slack-signature. Used to verify request authenticity. |
| Timestamp | The timestamp from the Slack request header x-slack-request-timestamp. Used to prevent replay attacks by ensuring the request is recent. |
| Request Body | The JSON body of the Slack request. This is the payload that was sent by Slack and is part of the signature verification process. |
Output
The node outputs the input data unchanged in its json output field if the verification succeeds. If the verification fails, it throws an error and does not produce output data.
No binary data is produced by this node.
Dependencies
- Requires a Slack signing secret credential to perform HMAC SHA256 signature verification.
- Uses Node.js built-in crypto module for cryptographic operations.
- Must be configured with the Slack signing secret associated with your Slack app to validate requests properly.
Troubleshooting
Invalid Slack request: This error indicates that the signature verification failed. Possible causes include:
- Incorrect or missing Slack signing secret configuration.
- Mismatch between the actual request body and the provided body parameter.
- Timestamp outside the allowed time window (more than 5 minutes difference), which may indicate a replay attack or clock skew.
To resolve, ensure the signing secret is correctly set, the exact raw request body is passed, and the timestamp is current.
No valid Slack signing secret provided: The node cannot run without the Slack signing secret credential. Make sure to configure this credential in n8n before executing the node.
General execution error: Any other unexpected errors will be reported with this message prefix. Check the detailed error message for clues.
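The three causes of "Invalid Slack request" listed above can be reproduced with a small standalone verifier. This is an added example, not the node's own source: it assumes Slack's publicly documented v0 scheme (HMAC SHA256 over `v0:<timestamp>:<raw body>`, sent as `v0=<hex>`), and the function names, secret, timestamp and body are constructed for the demo.

```javascript
const crypto = require('crypto');

const MAX_SKEW_SECONDS = 5 * 60; // the 5-minute window from Troubleshooting

// Returns { ok, reason }. rawBody must be the exact string Slack sent.
function verifySlackRequest({ signingSecret, signature, timestamp, rawBody, now = Date.now() }) {
  if (!signingSecret) return { ok: false, reason: 'no-secret' };
  const ts = Number(timestamp);
  if (!Number.isInteger(ts)) return { ok: false, reason: 'bad-timestamp' };
  // Reject old (replayed) or far-future requests before doing any HMAC work.
  if (Math.abs(Math.floor(now / 1000) - ts) > MAX_SKEW_SECONDS) {
    return { ok: false, reason: 'stale-timestamp' };
  }
  const expected = 'v0=' + crypto
    .createHmac('sha256', signingSecret)
    .update(`v0:${timestamp}:${rawBody}`, 'utf8')
    .digest('hex');
  const a = Buffer.from(expected, 'utf8');
  const b = Buffer.from(String(signature || ''), 'utf8');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  const ok = a.length === b.length && crypto.timingSafeEqual(a, b);
  return ok ? { ok: true, reason: null } : { ok: false, reason: 'bad-signature' };
}

// Constructed sample request: secret, clock and body are made up.
const SECRET = 'constructed-signing-secret';
const NOW = 1700000000000; // milliseconds
const TS = '1700000000';   // seconds, as in x-slack-request-timestamp
const RAW = '{"type":"event_callback","event":{"type":"app_mention","text":"hi"}}';
const SIG = 'v0=' + crypto.createHmac('sha256', SECRET).update(`v0:${TS}:${RAW}`).digest('hex');

function demo() {
  const base = { signingSecret: SECRET, signature: SIG, timestamp: TS, rawBody: RAW, now: NOW };
  return {
    genuine: verifySlackRequest(base).reason,
    wrongSecret: verifySlackRequest({ ...base, signingSecret: 'other' }).reason,
    // Parsing and re-serializing changes the bytes (here: pretty-printing).
    reserialized: verifySlackRequest({ ...base, rawBody: JSON.stringify(JSON.parse(RAW), null, 2) }).reason,
    // Same valid signature presented six minutes later.
    replayed: verifySlackRequest({ ...base, now: NOW + 6 * 60 * 1000 }).reason,
  };
}

console.log(demo());
```

A re-serialized body and a wrong secret are indistinguishable from the outside: both surface only as a signature mismatch, which is why the raw body should be captured before any JSON parsing.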