Requex.me LogoRequex.me

Documentation

Browse by section

Keep all guides, tool docs, automation recipes, and comparison pages in one navigable place.

Docs Home
Docs

Foundation docs for getting started fast, understanding key terms, and tracking what has changed.

Features

Mock Server
Guides

Start with fundamentals, then move into provider-specific webhook testing and production hardening.

Tool Docs

These pages explain what each tool does, when to use it, and how it fits into a webhook debugging workflow.

Automation Docs

Use these setup guides when you want forwarding rules, custom responses, security checks, or multi-destination fanout.

Compare

Use these pages to compare developer workflows, pricing tradeoffs, and feature differences between webhook tools.

How to Test Slack Webhooks: Complete Guide

How to test Slack incoming webhooks, use the Events API for outgoing hooks, and debug the most common Slack integration errors.

Editorially reviewed by the Requex team11 min readAbout the product

Understanding Slack's Webhook Types

Slack offers multiple webhook mechanisms, each serving a different purpose. Knowing which type to use and how to test each one is key to building reliable Slack integrations.

Incoming Webhooks

Send messages TO Slack. You POST a JSON payload to a Slack-provided URL, and the message appears in a channel. Used for notifications, alerts, and automated messages.

Events API (Outgoing)

Receive events FROM Slack. Slack sends HTTP POST requests to YOUR URL when things happen: messages posted, reactions added, channels created, users joining.

Testing Incoming Webhooks (Sending to Slack)

Incoming webhooks are the simplest Slack integration. Slack gives you a URL; you POST JSON to it; a message appears in a channel.

Setup

  1. Go to api.slack.com/apps → Create New App → From Scratch.
  2. Under Features → Incoming Webhooks → Activate.
  3. Click "Add New Webhook to Workspace" and select a channel.
  4. Copy the webhook URL (looks like https://hooks.slack.com/services/T.../B.../xxx).

Test with cURL

# Simple text message
curl -X POST https://hooks.slack.com/services/YOUR/HOOK/URL \
  -H "Content-Type: application/json" \
  -d '{"text": "Hello from my webhook test! 🎉"}'

# Rich message with blocks
curl -X POST https://hooks.slack.com/services/YOUR/HOOK/URL \
  -H "Content-Type: application/json" \
  -d '{
    "blocks": [
      {
        "type": "section",
        "text": {
          "type": "mrkdwn",
          "text": "*New Deployment* 🚀\nBranch: main\nStatus: Success"
        }
      })
  }'

Testing Events API (Receiving from Slack)

The Events API is where Requex.me becomes essential. Slack sends events to YOUR URL, and you need to capture and inspect them.

The URL Verification Challenge

When you first configure an Events API URL, Slack sends a verification challenge. Your endpoint must respond with the challenge value. This is critical to understand before testing.

// Slack sends this POST:
{
  "type": "url_verification",
  "challenge": "3eZbrw1aBm2rZgRNFdxV2595E9CY3gmdALWMmHkvFXO7tYXAYM8P",
  "token": "Jhj5dZrVaK..."
}

// Your server must respond with:
{
  "challenge": "3eZbrw1aBm2rZgRNFdxV2595E9CY3gmdALWMmHkvFXO7tYXAYM8P"
}

// Express.js handler:
app.post('/slack/events', (req, res) => {
  if (req.body.type === 'url_verification') {
    return res.json({ challenge: req.body.challenge });
  }
  
  // Handle actual events
  const { event } = req.body;
  console.log('Event:', event.type, event);
  res.status(200).send('OK');
});

Capture Events with Requex.me

While Requex.me can't respond to the URL verification challenge automatically, it's perfect for inspecting the payloads of actual events after verification. Use it to understand the exact structure of message, reaction_added, member_joined_channel, and other events before building your handler.

Common Slack Webhook Events

EventTriggerPayload Contains
messageMessage posted in channeltext, user, channel, ts
reaction_addedEmoji reaction addedreaction, user, item
member_joined_channelUser joins a channeluser, channel
app_mentionBot mentioned in messagetext, user, channel
channel_createdNew channel createdchannel name, creator

Slack Webhook Security

Slack provides a signing secret for verifying requests. Always verify signatures in production to prevent spoofed events.

const crypto = require('crypto');

function verifySlackRequest(req, signingSecret) {
  const timestamp = req.headers['x-slack-request-timestamp'];
  const slackSignature = req.headers['x-slack-signature'];
  
  // Prevent replay attacks (reject if older than 5 minutes)
  const fiveMinAgo = Math.floor(Date.now() / 1000) - 300;
  if (timestamp < fiveMinAgo) return false;
  
  const sigBasestring = 'v0:' + timestamp + ':' + req.rawBody;
  const mySignature = 'v0=' + crypto
    .createHmac('sha256', signingSecret)
    .update(sigBasestring)
    .digest('hex');
  
  return crypto.timingSafeEqual(
    Buffer.from(mySignature),
    Buffer.from(slackSignature)
  );
}

For more details on webhook security, see our Webhook Security Best Practices guide.

Start Testing Webhooks Now

Generate your unique URL and test webhooks instantly. Free, no signup.

Open Webhook Tester →