Slack Bolt.js: How do I know if the values I've sent to the client for action do not get tampered with?


I'm building a simple application in Slack where a user requests access to a resource, and an admin of that resource may approve or deny access. The idea is that the user would use a slash command in a channel, and in a private channel or DM, the admin would get a button to approve for a certain period of time. Additionally, I don't want these requests to sit around without a response for a long time, so I'd like them to be invalidated.

My idea was to use the value attribute on my action button. When an admin clicks "Grant", it would send a value of the user id, the resource id, and a request expiration. If the request has expired (i.e. lasted longer than an hour without a response), we'll automatically reject it. My question is: how do I ensure that my request expiration timestamp isn't tampered with? I know that I could make the value a JWT on the server side, and embed that in my action block and have that sent back, however, I'm hoping that there's something built in to Slack to take care of this already?

Any help is appreciated


There are 0 best solutions below
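
The server-side signing approach the question mentions, as an added example that is not part of the original post: the user id, resource id and expiration are serialized, tagged with HMAC-SHA256 (used here in place of a JWT library), and checked again when the button value comes back. The key name `APPROVAL_HMAC_KEY`, the helper names `signRequest`/`verifyRequest` and the sample ids are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Assumption: a key only the app server knows (hypothetical env var name).
const SECRET = process.env.APPROVAL_HMAC_KEY || "constructed-demo-key";
const MAX_VALUE_LEN = 2000; // Slack's length limit for a button's `value`

// HMAC-SHA256 tag over the encoded payload, base64url so it is safe in a string.
const mac = (payload) =>
  crypto.createHmac("sha256", SECRET).update(payload).digest("base64url");

// Build the string to place in the "Grant" button's `value`.
function signRequest(userId, resourceId, expiresAtSec) {
  const payload = Buffer.from(
    JSON.stringify({ u: userId, r: resourceId, exp: expiresAtSec })
  ).toString("base64url");
  const value = `${payload}.${mac(payload)}`;
  if (value.length > MAX_VALUE_LEN) throw new Error("value too long for a button");
  return value;
}

// Verify the value received in the action payload before acting on it.
function verifyRequest(value, nowSec = Math.floor(Date.now() / 1000)) {
  const [payload, tag, extra] = String(value).split(".");
  if (!payload || !tag || extra !== undefined) {
    return { ok: false, reason: "malformed" };
  }
  const expected = Buffer.from(mac(payload));
  const given = Buffer.from(tag);
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad_signature" };
  }
  // Parse only after the tag has been verified.
  const { u, r, exp } = JSON.parse(Buffer.from(payload, "base64url").toString());
  if (nowSec >= exp) return { ok: false, reason: "expired" };
  return { ok: true, userId: u, resourceId: r, expiresAt: exp };
}
```

In a Bolt.js `app.action` handler the string to pass to `verifyRequest` is the button's `action.value`.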