Use Slack Slash Command Requests in Mulesoft APIs

  • 30 Mar 2022
  • Yurii Kostenko

We see many companies undergoing different digital transformation journeys. During this process, companies end up adding a lot of complexity for their employees by introducing more daily activities and asking them to use multiple systems to do their daily job.

We always recommend that companies simplify the daily work of their employees. Companies need to let their employees focus on their actual work and minimize the different tasks each employee needs to do on different systems. With the power of Mulesoft, this can be achieved much faster and more easily.

For example, consider a scenario where a salesperson wants to know which high-priority tasks are due today. Instead of logging into a CRM platform such as Salesforce and running a report or filtering the list of task records, why not simply type a slash command in Slack and get the information back in the same system?

This can easily be achieved with three steps:

The Mulesoft API listens for incoming requests from Slack, processes them using the business logic implemented inside the API, and returns the responses to Slack, where they are presented as messages in a Slack chat.

When using Slack slash commands you cannot apply Anypoint API Manager security policies on top of the request URL of Mulesoft APIs. However, you can validate requests by verifying the Slack signature provided in headers with each request. This validation can be implemented inside the Mule applications.

You can validate requests from Slack by verifying signatures using your Signing Secret. Slack signs its requests using a secret string that is unique to your app, called the “Signing Secret” (this can be found in the Settings -> Basic Information -> App Credentials section of your Slack app).
Each HTTP request that Slack sends carries the “X-Slack-Signature” HTTP header. This signature is unique and is created by combining your app's Signing Secret with the body of the request using a standard HMAC-SHA256 keyed hash. You can find more information about the verification of Slack requests here.

The below walkthrough explains how to implement the use-case discussed at the beginning of the article, and validate Slack slash command requests.

1. Open Anypoint Studio and Create a new Mule Project, define ‘Project Name’ and click “Finish”

2. Drag & drop HTTP Listener to a working canvas. Add the connector configuration and path to be used for Slack requests

3. Add 2 Flow References to the main flow. One will be used for Slack signature validation (slack-validate-signature), and the other for API business logic (get-tasks-from-sf)

4. Add Transform Message component to a flow (slack-validate-signature). Instead of payload, create a new variable here.

5. Add the below code to a variable in Transform Message to compare the Slack signature received in the headers against the HMAC computed over the payload. Two modules need to be imported: import dw::Crypto (to compute the keyed hash of the string value using the “HMACWith” DataWeave function), and import * from dw::core::Strings (to extract the needed part of the string using the “substringAfter” DataWeave function). The Slack Signing Secret value is saved in the properties file and encrypted by using the Secure Configuration Properties module.

6. Add “Is True” Validation component after the Transform Message. It will validate the variable, and if the validation value is false, it will raise an error

7. Add “Query” operation from Salesforce Module to the flow (get-tasks-from-sf). The FIELDS(ALL) selection will return all fields of the object from Salesforce, but it is limited to 200 records and is available only with Salesforce API version 51.0 and higher

8. Add Transform Message component to the same flow in order to prepare the response body back to Slack (the below code is just a simple example of how messages can be created in Slack; more information can be found here, or it can be tested interactively here)

9. The API is ready. Deploy the application, update the request URL of the slash command in Slack, and test it in the Slack app by typing a slash command.
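
The signature check described in the Signing Secret paragraph and wired up in steps 4 to 6, as an added reference example in Python; it is not the DataWeave from the original walkthrough and not Pexlify's code. It follows Slack's v0 signing scheme, in which the signed string is `v0:<timestamp>:<raw body>` with the timestamp taken from the `X-Slack-Request-Timestamp` header; the function names, secret and request body are constructed for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 60 * 5  # replay window of five minutes, as Slack recommends


def slack_signature(signing_secret: str, timestamp: str, raw_body: bytes) -> str:
    """Compute the value expected in X-Slack-Signature for this request."""
    base = b"v0:" + timestamp.encode() + b":" + raw_body
    digest = hmac.new(signing_secret.encode(), base, hashlib.sha256).hexdigest()
    return "v0=" + digest


def verify_slack_request(signing_secret, headers, raw_body, now=None):
    """Return True only if the signature matches and the timestamp is fresh."""
    # Header names are case-insensitive on the wire; normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    timestamp = h.get("x-slack-request-timestamp", "")
    received = h.get("x-slack-signature", "")
    if not (timestamp.isascii() and timestamp.isdigit()):
        return False
    if not received.startswith("v0="):
        return False
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated request: treat as a replay
    expected = slack_signature(signing_secret, timestamp, raw_body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


# Constructed sample data: not a real secret, workspace or request.
SAMPLE_SECRET = "constructed-signing-secret-for-demo"
SAMPLE_TS = "1648630800"
SAMPLE_BODY = b"team_id=T0001&user_id=U0001&command=%2Ftasks&text=today"
SAMPLE_HEADERS = {
    "X-Slack-Request-Timestamp": SAMPLE_TS,
    "X-Slack-Signature": slack_signature(SAMPLE_SECRET, SAMPLE_TS, SAMPLE_BODY),
}

if __name__ == "__main__":
    t = int(SAMPLE_TS) + 10
    print(verify_slack_request(SAMPLE_SECRET, SAMPLE_HEADERS, SAMPLE_BODY, now=t))
    print(verify_slack_request(SAMPLE_SECRET, SAMPLE_HEADERS, SAMPLE_BODY + b"&x=1", now=t))
    print(verify_slack_request(SAMPLE_SECRET, SAMPLE_HEADERS, SAMPLE_BODY, now=t + 3600))
```

The HMAC must be computed over the raw request body exactly as received, before any form decoding, or the comparison will fail for legitimate requests.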

This is just one of many possible use cases where integration with Mulesoft is applicable. If you have business requirements that need the integration of multiple systems, reach out to the Pexlify team for assistance.
