6

I am trying to use slash commands in one of my Slack channels. I tried to do a POC using git API and it worked fine.

I first created a slash command from this link: https://api.slack.com/censored/slash-commands

Command: /poc

Request URL: http://jsonplaceholder.typicode.com/posts

This worked fine when I typed /poc in the Slack chat box of my channel. It returns some data.

But when I change the Request URL to an internal API, which is accessible only from the office domain, I get error:

Darn – that slash command didn't work (error message: Failure when receiving data from the peer). Manage the command at .

I believe Slack is not able to access my internal URL in this case. Is it possible to see the Slack logs?

Can anyone please help me here?


2 Answers

10

This cannot work, since the request URL needs to be accessible from the public Internet in order to work with Slack.

In general most of Slack's interactive features (Slash commands, Interactive messages, Modals, Events API, ...) require your app to provide a public endpoint that can be called by Slack via HTTP.

In order to access internal APIs with Slack you will need some kind of gateway or tunnel through the firewall of your company that exposes the request URL to Slack. There are many ways to do that and the solution needs to be designed according to the security policy of your company.

Here are a couple of suggestions:

VPN tunnel

One approach would be to run your script for the slash command on an internal webserver (one that has access to the internal API) and use a VPN tunnel to expose that web server to the Internet, e.g. with a tool like ngrok.

DMZ

Another approach would be to run your app in the DMZ of your company's network and configure the firewall on both sides to allow access to Slack from the public Internet and your app to your internal network.

Bridge

Another approach is to host and run that part of your app that interacts with Slack on the public Internet and the part that interacts with your internal network on your internal company network. Then add a secure connection that allows the public part to communicate with the part running on the internal company network.

Erik Kalkoken
  • Though it did not solve my problem, as I am a coder with no knowledge of firewall etc. But I do agree this is the only solution. – undefined Aug 16 '17 at 11:58
3

If opening a connection into the internal network is not an option, there is another way that can allow communication with internal services by inverting the communication direction with a queue.

To do this, you need to deploy a public endpoint that accepts the requests from Slack and puts them onto a queue (e.g. AWS Lambda + SQS, Flask + RabbitMQ) and then poll the queue from the internal network. The polling needs to happen fairly often (at least once a second) to ensure the communication is quick enough for the users not to notice the lag too much. By doing this you can avoid exposing any endpoint of the internal network.

The drawbacks of this approach are more infrastructure complexity and slower response times, but it can be a good alternative in some corporate environments.

Dominik
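A sketch of the queue inversion described in the answer above, added here as an example (not code from either answer's author): the public endpoint checks Slack's request signature and timestamp before enqueueing anything, and the internal side only polls outbound. The signing secret, the in-memory queue standing in for SQS/RabbitMQ, and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import queue
import time
from urllib.parse import parse_qs

# Constructed secret for the demo; a real one comes from the Slack app settings.
SIGNING_SECRET = b"constructed-demo-secret"
MAX_SKEW = 60 * 5  # reject requests older than five minutes (replay protection)

# In-memory stand-in for SQS/RabbitMQ so the example runs offline.
jobs = queue.Queue()


def slack_signature(secret, timestamp, body):
    """Slack's v0 scheme: HMAC-SHA256 over 'v0:<timestamp>:<raw body>'."""
    base = b"v0:" + timestamp.encode() + b":" + body
    return "v0=" + hmac.new(secret, base, hashlib.sha256).hexdigest()


def public_endpoint(headers, body, now=None):
    """Public side: authenticate the request, enqueue it, acknowledge quickly."""
    now = time.time() if now is None else now
    timestamp = headers.get("X-Slack-Request-Timestamp", "")
    signature = headers.get("X-Slack-Signature", "")
    if not timestamp.isdecimal() or abs(now - int(timestamp)) > MAX_SKEW:
        return 401, "stale or missing timestamp"
    expected = slack_signature(SIGNING_SECRET, timestamp, body)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return 401, "bad signature"
    form = parse_qs(body.decode())
    # Only the fields the internal worker needs cross the boundary.
    jobs.put({"command": form["command"][0],
              "text": form.get("text", [""])[0],
              "response_url": form["response_url"][0]})
    return 200, "Working on it..."


def internal_poll_once(handler):
    """Internal side: outbound-only poll; returns (response_url, reply) to POST back."""
    try:
        job = jobs.get_nowait()
    except queue.Empty:
        return None
    return job["response_url"], handler(job["command"], job["text"])
```

Because the internal worker answers later through `response_url`, the public endpoint can acknowledge immediately, and unauthenticated or replayed requests never reach the queue.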