Validate Slack requests

You can build a Slack app, but you should make it secure. See how to validate Slack’s requests.

Slack’s requests are signed. In the repo mentioned below, I show how to build the signature using the request’s payload plus the signing key; and how to compare it with the signature that Slack sends in the request’s headers.

I wrote this here because it took me a little while to figure out how to do it right: