-
My goal: trigger a Retool Workflow when an
app_mentionevent is fired by my Slack App. -
Issue: Retool Workflow webhook trigger event does not respond to the challenge when setting up the URL in the Slack app.
Thanks for reaching out, @YacinePaveFi! Welcome to the community. 
If you haven't already done so, your workflow needs to respond to the initial challenge request in order to validate the endpoint. You can see how I've done this here:
One important thing to note - you should always authenticate these incoming requests so that no bad actors can trigger your workflow. The workflowApiKey URL parameter is obviously one layer of defense, but you can read more about how Slack recommends you evaluate the legitimacy of the incoming request here.
I hope that helps! Let me know if you have any questions.
@Darren Sorry to come in on someone else's thread, but you recommended validating Slack's request, but we're not actually able to do that in Retool Workflows unless something has changed. This other thread has the details Verify slack request signature
We don't have access to the raw request body, without headers, before it has been deserialized from JSON or other forms.
Has that changed?
No worries, @ankurkwv! You may have seen my update that it's now possible to access the raw body of incoming webhook requests on self-hosted deployments, thus enabling HMAC. We are looking into enabling the same functionality on the cloud. While request signing is obviously preferred, Slack does still support verification tokens.
Ah thanks @Darren! I'll stay tuned for cloud version. (Also, sorry, at the time I posted, the thread I was watching didn't have this news 
)
1 Like
Have you had a chance to revisit this, @YacinePaveFi? Let me know if you have any questions!