Reputation: 2557
I'm setting up Slack alerts on a project I'm working on.
To use Slack's Incoming Webhook, all you have to do is do a POST request to a Slack URL. I don't see any security on it. How is this secure? Wouldn't someone be able to post messages if he gets hold of this URL, given that the URL is public even in HTTPS connections?
Upvotes: 11
Views: 7030
Reputation: 169368
The docs you linked say:
> Keep it secret, keep it safe. Your webhook URL contains a secret. Don't share it online, including via public version control repositories. Slack actively searches out and revokes leaked secrets.
That is, you should keep the webhook URL as secret as any secret (database passwords, ...) in your app.
Upvotes: 11
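One way to apply the advice in the answer above, as an added example that is not part of the original question or answer: read the webhook URL from the environment, mask it before it reaches logs, and scan files for an embedded URL before they are committed. The variable name `SLACK_WEBHOOK_URL`, the function names and the sample files are assumptions; the URL uses all-placeholder values.

```python
import os
import re
from urllib.parse import urlsplit

# Shape of an incoming-webhook URL: three path segments after /services/.
WEBHOOK_RE = re.compile(
    r"https://hooks\.slack\.com/services/[A-Za-z0-9]+/[A-Za-z0-9]+/[A-Za-z0-9]+"
)

# Constructed placeholder, not a working webhook.
FAKE = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"

# Constructed sample of a working tree: one file hardcodes the URL, one does not.
SAMPLE_FILES = {
    "config.py": 'DEBUG = False\nSLACK = "' + FAKE + '"\n',
    "alerts.py": 'url = os.environ["SLACK_WEBHOOK_URL"]\n',
}


def load_webhook_url(env=os.environ, var="SLACK_WEBHOOK_URL"):
    """Read the webhook from the environment (assumed variable name), not from source."""
    url = env.get(var, "")
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "hooks.slack.com":
        raise RuntimeError(f"{var} is missing or is not an https hooks.slack.com URL")
    return url


def redact(text):
    """Mask the secret path of any webhook URL before text is logged or reported."""
    return WEBHOOK_RE.sub("https://hooks.slack.com/services/[REDACTED]", text)


def find_leaks(files):
    """Return (filename, line_number) for each line that embeds a webhook URL."""
    hits = []
    for name, content in files.items():
        for number, line in enumerate(content.splitlines(), 1):
            if WEBHOOK_RE.search(line):
                hits.append((name, number))
    return hits


if __name__ == "__main__":
    for name, number in find_leaks(SAMPLE_FILES):
        print(f"webhook URL hardcoded in {name}:{number}")
    print(redact(f"POST {FAKE} returned 500"))
```

A check like `find_leaks` fits in a pre-commit hook or CI job; if it ever fires on a pushed commit, treat the webhook as leaked and replace it.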