Menu
I'm setting up slack alerts on a project I'm working on.
To use slack's Incoming web hook, all you have to do is do a POST request to a slack url. I don't see any security on it. How is this secure? Wouldn't someone be able to post messages if he gets hold of this url, given that the url is public even in https connections ?
824
The docs you linked say:
Keep it secret, keep it safe. Your webhook URL contains a secret. Don't share it online, including via public version control repositories. Slack actively searches out and revokes leaked secrets.
That is, you should keep the webhook URL as secret as any secret (database passwords, ...) in your app.
153
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
