View another event... accounts_changed app_home_opened app_mention app_rate_limited app_requested app_uninstalled bot_added bot_changed call_rejected channel_archive channel_created channel_deleted channel_history_changed channel_joined channel_left channel_marked channel_rename channel_shared channel_unarchive channel_unshared commands_changed dnd_updated dnd_updated_user email_domain_changed emoji_changed external_org_migration_finished external_org_migration_started file_change file_comment_added file_comment_deleted file_comment_edited file_created file_deleted file_public file_shared file_unshared goodbye grid_migration_finished grid_migration_started group_archive group_close group_deleted group_history_changed group_joined group_left group_marked group_open group_rename group_unarchive hello im_close im_created im_history_changed im_marked im_open link_shared manual_presence_change member_joined_channel member_left_channel message message.app_home message.channels message.groups message.im message.mpim pin_added pin_removed pref_change presence_change presence_query presence_sub reaction_added reaction_removed reconnect_url resources_added resources_removed scope_denied scope_granted star_added star_removed subteam_created subteam_members_changed subteam_self_added subteam_self_removed subteam_updated team_domain_change team_join team_migration_started team_plan_change team_pref_change team_profile_change team_profile_delete team_profile_reorder team_rename tokens_revoked url_verification user_change user_resource_denied user_resource_granted user_resource_removed user_typing
url_verification event Verifies ownership of an Events API Request URL
Compatibility: Events API
This Events API-only event type has no "inner event". Instead, the complete payload you'll receive is similar to this JSON:
{
"token": "Jhj5dZrVaK7ZwHHjRyZWjbDl",
"challenge": "3eZbrw1aBm2rZgRNFdxV2595E9CY3gmdALWMmHkvFXO7tYXAYM8P",
"type": "url_verification"
}
This event does not require a specific OAuth scope or subscription. You'll automatically receive it whenever configuring an Events API Request URL.
Once you receive the event, verify the request's authenticity and then respond in plaintext with the challenge attribute value. In this example, that might be:
HTTP 200 OK
Content-type: text/plain
3eZbrw1aBm2rZgRNFdxV2595E9CY3gmdALWMmHkvFXO7tYXAYM8P
If you prefer, you can respond with application/x-www-form-urlencoded:
HTTP 200 OK
Content-type: application/x-www-form-urlencoded
challenge=3eZbrw1aBm2rZgRNFdxV2595E9CY3gmdALWMmHkvFXO7tYXAYM8P
Or even JSON:
HTTP 200 OK
Content-type: application/json
{"challenge":"3eZbrw1aBm2rZgRNFdxV2595E9CY3gmdALWMmHkvFXO7tYXAYM8P"}
The important thing is to quickly validate the request's origin and respond with the challenge.
Learn more about URL verification .
Events API compatibility Your application will automatically receive this event when first configuring your Events API request URL.
Unavailable in the RTM API
This event type is compatible only with the Events API .
