Skip to main content

Slack Instant Triggers security info

I’m looking to make a POC for a project I’m working on using Slack Instant triggers.

Need some info from Zapier to clarify concerns on the way implemented Slack triggers are implemented.


These are my assumptions:

  1. Zapier has a single slack app that gets installed for every user when user connects their slack account to Zapier
  2. This slack app has Events Subscription enabled which has a Zapier’s webhook URL.
  3. Every user who builds a Zap using Slack Instant triggers will have their events sent to this common webhook URL.
  4. Zapier decides which events should go to which Zap by looking at the event payload it received via webhook URL ?
  5. If all the above are true, there is a possibility that one user’s slack creating thousands of events which would result in reaching the max limit of events for an app in an hour (in this case Zapier’s slack app). This would affect other user’s Zap because the rate limit would be applied by Slack on Zapier’s app.
  6. If my assumptions are wrong, how is Zapier subscribing to webhook events in Slack ?

Can someone please answer these questions? 

Thank you

Hi @Troy Tessalone 

Thanks for responding.

Sadly, none of those articles talk about the questions I asked.

Can you or someone in Zapier technical team help answer this at your soonest possible ?


Hi @IS Sandbox 

Good question.

Take a look at these help articles about using Slack in Zaps: