Keep Slack requests safe by checking their signature before any data moves forward. This setup is ideal for teams that run Slack apps, slash commands, or event subscriptions and want to block fake calls early. It helps security and keeps your workflows clean and reliable.

Inside, the flow starts with an Execute Workflow Trigger so it can be called from your main webhook workflow. A Code node builds the base string for Slack signing using the body and timestamp. A Crypto node creates an HMAC SHA256 value with your Slack signing secret. An IF node compares the computed value to the request header signature. If they match, a Set node marks signature verified as true and a Merge node returns this flag with the original data. If they do not match, a Stop and Error node raises a clear error.

You will need a Slack app and its Signing Secret. Paste the secret into the Crypto node and pass the raw Slack request from your main webhook workflow into this one. Expect faster reviews, fewer false requests, and a single truth flag you can check before any business logic runs. It fits teams that process Slack messages, approvals, or helpdesk events and want simple, strong request validation.

• Reusable subworkflow triggered by Execute Workflow Trigger so you can call it from any main webhook flow
• Code node builds the Slack signature base string from the timestamp and raw body
• Crypto node computes HMAC SHA256 using your Slack signing secret
• IF node compares the header signature to the computed value
• Stop and Error node halts the run with a clear message if verification fails
• Set node adds a signature_verified true flag on success
• Merge node returns the original request combined with the verification result

• Block fake Slack requests before they reach your business logic
• Reduce manual checks from 30 minutes to under 1 minute
• Improve data integrity by ensuring only signed requests pass
• Standardize security across all Slack entry points
• Handle more Slack events without extra review effort

1. Import the template into n8n: Create a new workflow in n8n > Click the three dots menu > Select 'Import from File' > Choose the downloaded JSON file.
2. You'll need accounts with Slack. See the Tools Required section above for links to create accounts with these services.
3. In your Slack API dashboard, create or open your Slack app and copy the Signing Secret from the Basic Information page.
4. In your main n8n workflow, add a Webhook node that receives requests from Slack and keep the raw body unchanged. Add an Execute Workflow node to call this verification workflow and pass the full request JSON to it.
5. Open the verification workflow. Double click the Crypto node and paste your Slack Signing Secret into the Secret or Key field used for HMAC.
6. Ensure the Code node input includes the raw body and Slack headers so it can read the timestamp and signature. Do not modify the body before verification.
7. Run a test from Slack by sending a test event or a slash command. Watch the n8n execution to confirm that signature_verified is true on success.
8. If you see the error Could not verify Slack Webhook signature, check that the Signing Secret is correct and that the raw body is not changed by any previous node.
9. In the main workflow, handle the Stop and Error outcome by using an Error Workflow or enable Continue On Fail and branch on success or failure as needed.
10. Once verified, continue downstream logic only when signature_verified equals true to protect your systems from spoofed calls.