At $work we use Slim for powering our slack / command bot. It's a really nice minimalist framework in PHP which has a nice set of helpers and features whilst still being very lightweight.
Since we're using it for responding to slack requests, we need to validate whether the headers that slack commands send for auth are all correct (the basic idea is that you generate a HMAC hash using your secret key and the details in the header and see if it matches the hash slack sent). Thankfully, Slim has a pretty lean middleware system, which made the code pretty easy to implement.
I've put the code for it on gist for anyone to use under the Mozilla Public License 2.0:
It assumes you are using phpdotenv to store your shared secret as
SLACK_SECRET, but if not you can change this on line 43.
There is also, on lines 20-24 the option to have an
AUTH_BYPASS env var set to skip checking for the header, but if you don't need this it can safely be removed.