filmaj
commented
1 month ago when external calls are made to our service from custom functions
Do you mean fetch HTTP requests issued by the custom function you have authored to an HTTP endpoint / service that you run? If so, then yes, I am not sure how or why Slack would provide a verification signature or some such for a request/response interaction that is 100% owned by users.
djmgit
Question
When setting up callback endpoints for event subscriptions or interactions like slash commands, slack injects signature headers so that our service can verify that request is coming from slack. However those headers are not present when external calls are made to our service from custom functions. I understand calls are made by user and not by slack. What is the recommended way for authentication in this case? Or is it completely on users to come up with an approach.
Environment
cat import_map.json | grep deno-slack "deno-slack-sdk/": "https://deno.land/x/deno_slack_sdk@2.14.0/", "deno-slack-api/": "https://deno.land/x/deno_slack_api@2.7.0/",
deno --version deno 1.44.4 (release, aarch64-apple-darwin) v8 12.6.228.9 typescript 5.4.5
sw_vers && uname -v ProductName: macOS ProductVersion: 13.6.7 BuildVersion: 22G720 Darwin Kernel Version 22.6.0: Mon Apr 22 20:51:27 PDT 2024; root:xnu-8796.141.3.705.2~1/RELEASE_ARM64_T6020