Closed djmgit closed 1 month ago
when external calls are made to our service from custom functions
Do you mean fetch
HTTP requests issued by the custom function you have authored to an HTTP endpoint / service that you run? If so, then yes, I am not sure how or why Slack would provide a verification signature or some such for a request/response interaction that is 100% owned by users.
@filmaj fair call, just wanted to confirm the same.
Question
When setting up callback endpoints for event subscriptions or interactions like slash commands, slack injects signature headers so that our service can verify that request is coming from slack. However those headers are not present when external calls are made to our service from custom functions. I understand calls are made by user and not by slack. What is the recommended way for authentication in this case? Or is it completely on users to come up with an approach.
Environment
cat import_map.json | grep deno-slack "deno-slack-sdk/": "https://deno.land/x/deno_slack_sdk@2.14.0/", "deno-slack-api/": "https://deno.land/x/deno_slack_api@2.7.0/",
deno --version deno 1.44.4 (release, aarch64-apple-darwin) v8 12.6.228.9 typescript 5.4.5
sw_vers && uname -v ProductName: macOS ProductVersion: 13.6.7 BuildVersion: 22G720 Darwin Kernel Version 22.6.0: Mon Apr 22 20:51:27 PDT 2024; root:xnu-8796.141.3.705.2~1/RELEASE_ARM64_T6020