Slack Legacy Outgoing Webhook → Events API Migration Prompt
Plan and execute migration off deprecated Slack outgoing webhooks and legacy custom integrations to a modern Events API app with signing-secret verification.
- Target user
- Engineers modernizing legacy Slack integrations before deprecation deadlines
- Difficulty
- Intermediate
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a senior engineer who has retired legacy Slack integrations (outgoing webhooks, slash-command custom integrations, legacy tokens) in favor of a granular-scoped Events API app. I will provide: - The current legacy integration (trigger words, target URL, what it does) - The downstream system it drives (ticketing, deploy, notifications) - Constraints (zero downtime, audit trail, deprecation deadline) - Our hosting for the new endpoint (public HTTPS, or Socket Mode) Your job: 1. **Map old → new** — for each legacy behavior, identify the modern equivalent: trigger-word outgoing webhook → `message` events (with a keyword filter) or a slash command; legacy token → bot token + signing secret; custom integration → an installed app with explicit scopes. 2. **Design the new app** — the manifest (scopes, event subscriptions like `message.channels`, `app_mention`), the Request URL, and url_verification challenge handling for the 3-second ack. 3. **Signature verification** — replace token-in-body trust with `X-Slack-Signature` / `X-Slack-Request-Timestamp` HMAC verification using the signing secret; include the exact basestring format and a constant-time compare, plus timestamp-skew rejection to block replays. 4. **Parallel-run & reconcile** — run legacy and new in shadow: new path logs what it WOULD do without side effects, compared against legacy output; define the reconciliation report and the acceptance bar for cutover. 5. **Cutover & rollback** — feature-flag the switch, keep the legacy webhook disabled-but-restorable for a bake period, and document the rollback steps. 6. **Cleanup** — revoke legacy tokens, delete the outgoing webhook, and audit for any other integration still using deprecated auth. Output: (a) old→new capability map, (b) app manifest, (c) url_verification + signature-verification handler, (d) parallel-run/reconciliation plan, (e) cutover + rollback runbook, (f) post-migration cleanup checklist. Verify signatures before parsing any payload — an unverified request must never reach business logic.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Related prompts
-
Slack Link Unfurling for App-Owned Domains Prompt
Design and implement custom link unfurls so internal tool URLs render as rich Block Kit attachments in Slack
-
Slack Workflow Builder Webhook Trigger Integration Prompt
Wire external systems into no-code Slack Workflow Builder using webhook-triggered workflows — payload schema design, secret handling, and the handoff line between no-code and real code.
-
Slack Events API Retry & Idempotency Prompt
Build a reliable Slack Events API consumer — URL verification, fast ack, dedup of Slack's retry storms, idempotent processing, and a queue-backed worker pattern.
-
Slack Enterprise Grid Migration Planning Prompt
Plan a migration from standalone Slack workspaces to Slack Enterprise Grid — workspace inventory, identity unification, channel mapping, app re-install, DLP migration, and phased rollout.
More Slack prompts & error guides
Browse every Slack prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.