No worries, @ankurkwv! You may have seen my update that it's now possible to access the raw body of incoming webhook requests on self-hosted deployments, thus enabling HMAC. We are looking into enabling the same functionality on the cloud. While request signing is obviously preferred, Slack does still support verification tokens.