Custom control not validating
Once your server receives the invocation, it may post a message in response.
Any posted messages will originate from your application's identity.
To best prepare for an eventual future, enable expanded entity references and look for user IDs exclusively for mentioned users. It's an important thing to consider especially if you're planning to distribute your app.
When naming your command, avoid invocations that are likely to be duplicated.
If you'd like to just return information in the simplest possible way, it can respond immediately (within 3000 milliseconds) with a plain text string: If you'd like to customize the appearance of the response message with extra message formatting or attachment fields, you can respond immediately (within 3000 milliseconds) with a valid JSON payload: Your URL should respond with a HTTP 200 "OK" status code.
Any other flavor of response will result in a user-facing error.
NOTE: If you enabled distribution of your app, the URL you provide must use HTTPS with a valid, verifiable SSL certificate. "Bert" might decide to assign "Ernie" a task like so: . But to actually address that as any kind of unique entity on the workspace you're working with, you really want to work with a user ID, not the username.
the command will set a reminder for you to drink a glass of water in 10 minutes.
Under the hood, there are at least 3 different kinds of commands.
When building an internal integration for your own workspace, SSL verification is waived.
We also provide a means to verify the request is coming from Slack.