Slack RTM API uses POST or GET method?

2
votes

This might seem a lame question, but would be great if someone can help. I wrote a small python script which returns some output based on a command sent to it via slack's custom bot. Python script uses RTM API. Whenever someone in slack mentions the bot and passes a command (ex: @slackcustombot foobar), it returns a custom message(ex: Hi foobar) from the script. Now the issue is at the security side. My script resides at a server which is not open to internet. And as Slack uses dynamic IP, there's no possibility of white-listing the slack ip's.

So basically, all I wanted to know is, when someone in slack channel mentions the bots, and when the bot at slack server sends the command to my python script residing at my server, does it send as GET method or as POST method? cuz if it's a GET method, I might not have to worry about the security issue. but if it sends as POST method, what alternative I could use in this scenario? Any help is appreciated. Please correct me if I am wrong somewhere, still learning. :)

Regards, Junaid.

1
pythonslack-api

1 Answers

1
votes

Neither. It uses the WebSocket protocoll. If you rather want to use a HTTP-based protocol I would recommend looking into the Slack's Event API. It uses HTTPS POST to transfer messages to your bot.

The Events API is not providing all event types that are available with the RTM API, but its much easier to handle and should be sufficient for a chat bot. Check here for a documentation of which event types are available to the both RTM API and Events API.

You will however need to find a way to expose the url of your bot to the Internet, so that Slack can use it. If you need to access internal company applications through your Slack bot, the best approach in my opinion is to have the Slack bot on a webserver in the DMZ of your company.

A more small scale approach is to use a forwarding provider that is connecting to your local webserver through a VPN tunnel and exposing your internal webserver through a special public URL. That would work if you want Slack to talk to your webserver on a local network behind a router / firewall. One example is ngrok, but they are other providers too.