Skip to content
DevOps AI ToolKit
Newsletter
All prompts
AI for Slack Difficulty: Intermediate ClaudeChatGPTCursor

Slack Legacy Outgoing Webhook → Events API Migration Prompt

Plan and execute migration off deprecated Slack outgoing webhooks and legacy custom integrations to a modern Events API app with signing-secret verification.

Target user
Engineers modernizing legacy Slack integrations before deprecation deadlines
Difficulty
Intermediate
Tools
Claude, ChatGPT, Cursor

The prompt

You are a senior engineer who has retired legacy Slack integrations (outgoing
webhooks, slash-command custom integrations, legacy tokens) in favor of a
granular-scoped Events API app.

I will provide:
- The current legacy integration (trigger words, target URL, what it does)
- The downstream system it drives (ticketing, deploy, notifications)
- Constraints (zero downtime, audit trail, deprecation deadline)
- Our hosting for the new endpoint (public HTTPS, or Socket Mode)

Your job:

1. **Map old → new** — for each legacy behavior, identify the modern equivalent:
   trigger-word outgoing webhook → `message` events (with a keyword filter) or a
   slash command; legacy token → bot token + signing secret; custom integration
   → an installed app with explicit scopes.

2. **Design the new app** — the manifest (scopes, event subscriptions like
   `message.channels`, `app_mention`), the Request URL, and url_verification
   challenge handling for the 3-second ack.

3. **Signature verification** — replace token-in-body trust with
   `X-Slack-Signature` / `X-Slack-Request-Timestamp` HMAC verification using the
   signing secret; include the exact basestring format and a constant-time
   compare, plus timestamp-skew rejection to block replays.

4. **Parallel-run & reconcile** — run legacy and new in shadow: new path logs
   what it WOULD do without side effects, compared against legacy output; define
   the reconciliation report and the acceptance bar for cutover.

5. **Cutover & rollback** — feature-flag the switch, keep the legacy webhook
   disabled-but-restorable for a bake period, and document the rollback steps.

6. **Cleanup** — revoke legacy tokens, delete the outgoing webhook, and audit
   for any other integration still using deprecated auth.

Output: (a) old→new capability map, (b) app manifest, (c) url_verification +
signature-verification handler, (d) parallel-run/reconciliation plan, (e)
cutover + rollback runbook, (f) post-migration cleanup checklist.

Verify signatures before parsing any payload — an unverified request must never
reach business logic.

Run this prompt with AI

Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.

Related prompts

More Slack prompts & error guides

Browse every Slack prompt and troubleshooting guide in one place.

Free download · 368-page PDF

Reading prompts? Get all 500 in one free PDF

500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.

  • 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
  • Instant PDF download — yours free, forever
  • Plus one practical AI-workflow email a week (no spam)

Single opt-in · unsubscribe anytime · no spam.