Slack Webhook Trigger

Receive and verify events from the Slack Events API.

Overview

The Slack Webhook Trigger runs a workflow when Slack delivers an Events API request to a Spojit-generated URL. It verifies the request using Slack's signing secret and timestamp, so only payloads from your Slack app are accepted and replays are rejected.

Use it to react to Slack activity: turning messages into support tickets, capturing reactions for moderation, routing channel events into other systems, or triggering AI replies on mentions. It pairs well with the Slack connector for sending outbound messages back into Slack from the same workflow.

What You Can Do

The Slack Webhook Trigger receives signed Events API payloads from Slack and exposes them to the workflow body:

message events - new messages posted in channels, threads, or DMs the app is in.
app_mention events - posts that explicitly @-mention the Slack app.
reaction_added and reaction_removed events - emoji reactions on messages.
channel_created, channel_archive, member_joined_channel - channel lifecycle events.
file_shared, file_created - file upload events.
url_verification - the one-time handshake Spojit responds to automatically when you register the URL with Slack.
X-Slack-Signature and X-Slack-Request-Timestamp headers - used by Spojit to verify the signing secret with a timestamp skew check.
body - the full Slack event JSON exposed to the workflow once the signature is verified.

Authentication

The Slack Webhook Trigger does not call the Slack API. Spojit verifies inbound requests using HMAC-SHA256 over the timestamp and raw body against your Slack app's signing secret. Get the signing secret from api.slack.com -> Your Apps -> (your app) -> Basic Information -> App Credentials -> Signing Secret.

Setting Up Your Connection

Go to Connections from the sidebar.
Click + Add Connection.
Search for Slack Webhook Trigger and select it.
Paste your Slack app's Signing Secret. Spojit generates a webhook URL for you to copy.
Give your connection a name (for example "Acme Slack events") and click Save.
In Slack, go to api.slack.com -> Your Apps -> (your app) -> Event Subscriptions, enable events, and paste the Spojit URL as the Request URL. Slack verifies the URL automatically.
Subscribe to the event types you want (for example message.channels, app_mention, reaction_added) and save changes.
If you changed scopes, reinstall the app to your workspace.

Using the Trigger

The workflow starts on a webhook trigger node bound to this connection. When Slack delivers a verified event, the workflow runs against the payload. Use {{trigger.body.event.type}} to branch on event type and {{trigger.body.event.text}} or {{trigger.body.event.user}} to read message contents.

Tips

Subscribe only to the events you need. Slack workspaces are noisy, and extra subscriptions cost executions.
Acknowledge quickly. Slack expects a 2xx response within 3 seconds, otherwise it retries. Keep heavy work behind the trigger node so Spojit can ack immediately.
Use app_mention rather than message.channels when you only care about direct mentions of your bot.
Combine with the Slack connector in the same workflow to post replies, add reactions, or open threads in response to incoming events.

Common Pitfalls

Slack signs the raw request body. A proxy that reformats JSON or strips whitespace will break signature verification.
Slack retries failed deliveries with backoff. If your workflow has side effects, dedupe runs by event_id in the payload to avoid double-processing.
Subscribing to a bot event without the matching OAuth scope means Slack will not deliver it; check scopes if expected events do not arrive.
Self-bot messages can create loops. Filter out events where event.bot_id equals your own app's bot ID.

Common Use Cases

For technical API details and field specifications, see the Slack Webhook Trigger trigger documentation.