Webhook to Slack: HMAC-Verified Event Alert Template

An HMAC-verified Webhook trigger receives a signed inbound POST and posts a formatted alert to a Slack channel, the reusable pattern for any trusted external event.

What It Builds

This Spojit template uses a Webhook trigger that verifies each inbound request against a signing connection, so only legitimately signed events from your external system start a run. A Connector node on the slack connector then runs send-message to post a clean, formatted alert into the channel you choose. The trigger output is the parsed JSON body, available as {{ input }}, so you can drop event fields straight into the Slack message.

The Prompt

Paste this into Miraxa and it builds the workflow, connecting the tools for you:

Build a workflow with an HMAC-verified Webhook trigger that receives an external POST, and add a Connector node on the slack connector that posts a formatted alert to the #alerts channel including the event type, a short summary, and a timestamp from the request body.

Connectors Used

• Webhook trigger - receives the external HTTP POST at the workflow's URL and verifies it with an HMAC signing connection (Spojit, Shopify, GitHub, Slack, or Custom scheme).
• slack - the send-message tool posts the formatted alert to your chosen channel.

Customize It

Change #alerts to the channel you want, and adjust which body fields land in the message by referencing them with handlebars such as {{ input.eventType }} or {{ input.summary }}. To match the signing scheme your sender uses, set the Webhook trigger's signing connection in the properties panel after Miraxa scaffolds the workflow. If you want a reply to a synchronous caller, add a Response node; otherwise the trigger returns 202 with an executionId on its own.

Tips

• Pick the signing scheme that matches your sender (for example the GitHub or Slack scheme) so signature verification passes on the first POST.
• Use Direct mode on the Slack Connector node for this predictable single send-message call, which keeps it deterministic and avoids AI credit cost.
• Turn on event-id dedup if your sender may retry, so a replayed POST does not post the alert twice.

Related

• Setting Up a Webhook Trigger walks through configuring the trigger and its signing connection.
• Setting Up a Webhook Connection covers the HMAC signing connection in detail.
• How to Build a Webhook-Triggered Order Processing Workflow is the step-by-step version for a fuller event flow.