class SlackEvents::VerificationHandler


Middleware that verifies that requests are correctly signed with SLACK_SIGNING_SECRET by Slack.

Included Modules

Defined in:



Instance Method Summary

Constructor Detail

def : String) #

Initialize with the unique string Slack creates for your app. Verify requests from Slack with confidence by verifying signatures using your signing secret.

[View source]

Instance Method Detail

def call(context) #

Requests that go through this middleware need to have a valid signature or are a '403 - Forbidden' will be returned to the client.

[View source]
def computed_signature(request) #

With the help of HMAC SHA256 - OpenSSL::HMAC hash the basestring, using the Slack Signing Secret - @signing_secret - as the key.

[View source]
def valid_age?(request) #

The signature depends on the timestamp to protect against replay attacks. Check to make sure that the request occurred recently.

NOTE The package defaults to accepting timestamps that are within 5 minutes of the current time. i.e. It can be either from 3 minutes ago or 3 minutes from now.

[View source]
def valid_signature?(request) #

Compare this computed signature to the X-Slack-Signature header on the request.

[View source]