Introduction
Slack provides a utility for the workspace administrators to create and manage webhook URLs which can be used to send messages to a specified Slack channel. This is a great service that can be used to create a notification system and send automated notifications to a dedicated Slack channel via an application.
Creating a Slack App
This section lists the steps that are required to be performed in order to create a Slack application that will contain the incoming webhook.
-
Navigate to https://api.slack.com/apps
-
Click on the “Create New App” button
-
Select the “From scratch” option to create a new app
-
Next, give a name for the App and select the workspace the app is meant to send notifications to, and click on the “Create App” button
-
If you receive this warning message, the application would need to be approved by an administrator of the Slack workspace
Creating a Slack Webhook
This section lists the steps that are required to be performed in order to create a Slack webhook URL.
-
Navigate to https://api.slack.com/apps
-
Choose the “kloudle-notifications-app” from the list
-
Ensure you’re on the app’s “Incoming Webhooks” page under the “Features” menu
-
Click on the toggle button to activate incoming webhooks
-
Navigate to the “Webhook URLs for Your Workspace” section and click on the “Add New Webhook to Workspace” button
-
Select the channel to send the notifications to from the drop-down menu and click on the “Allow” button
-
Copy the Webhook URL which can now be used to send notifications to the channel
-
If you are not a “Workspace Owner” for the Slack workspace instead of the “Add New Webhook to Workspace” button you will see a “Request to Add New Webhook” button. Click on the button to send a request to the Workspace Owner to approve the creation of the incoming webhook
-
Once the request is approved, follow steps 5, 6, and 7 to create the webhook and get the Webhook URL
Note: To add subsequent webhooks we can use the same Slack app instead of creating a new one each time.
Riyaz Walikar
Founder & Chief of R&D
Riyaz is the founder and Chief of R&D at Kloudle, where he hunts for cloud misconfigurations so developers don’t have to. With over 15 years of experience breaking into systems, he’s led offensive security at PwC and product security across APAC for Citrix. Riyaz created the Kubernetes security testing methodology at Appsecco, blending frameworks like MITRE ATT&CK, OWASP, and PTES. He’s passionate about teaching people how to hack—and how to stay secure.
Riyaz Walikar
Founder & Chief of R&D
Riyaz is the founder and Chief of R&D at Kloudle, where he hunts for cloud misconfigurations so developers don’t have to. With over 15 years of experience breaking into systems, he’s led offensive security at PwC and product security across APAC for Citrix. Riyaz created the Kubernetes security testing methodology at Appsecco, blending frameworks like MITRE ATT&CK, OWASP, and PTES. He’s passionate about teaching people how to hack—and how to stay secure.