url_verification event

Verifies ownership of an Events API Request URL

Compatibility: Events API

This Events API-only event type has no "inner event". Instead, the complete payload you'll receive is similar to this JSON:

{
    "token": "Jhj5dZrVaK7ZwHHjRyZWjbDl",
    "challenge": "3eZbrw1aBm2rZgRNFdxV2595E9CY3gmdALWMmHkvFXO7tYXAYM8P",
    "type": "url_verification"
}

This event does not require a specific OAuth scope or subscription. You'll automatically receive it whenever configuring an Events API Request URL.

Once you receive the event, verify the request's authenticity and then respond in plaintext with the challenge attribute value. In this example, that might be:

HTTP 200 OK
Content-type: text/plain
3eZbrw1aBm2rZgRNFdxV2595E9CY3gmdALWMmHkvFXO7tYXAYM8P

If you prefer, you can respond with application/x-www-form-urlencoded:

HTTP 200 OK
Content-type: application/x-www-form-urlencoded
challenge=3eZbrw1aBm2rZgRNFdxV2595E9CY3gmdALWMmHkvFXO7tYXAYM8P

Or even JSON:

HTTP 200 OK
Content-type: application/json
{"challenge":"3eZbrw1aBm2rZgRNFdxV2595E9CY3gmdALWMmHkvFXO7tYXAYM8P"}

The important thing is to quickly validate the request's origin and respond with the challenge.

Learn more about URL verification.

Events API compatibility

Your application will automatically receive this event when first configuring your Events API request URL.

Unavailable in the RTM API

This event type is compatible only with the Events API.

Building an onboarding bot in Ruby using Slack's Events API
Tutorial by Slack
Building a simple bot using Slack's Events API in Python
Tutorial by Slack

url_verification event

Events API compatibility

Unavailable in the RTM API

Related Articles