I have an API that I would like to use with urlfetch()
is there a Nightbot specific domain or IP that I can add to my CORS Origin environment variables in order to let only Nightbot access the endpoint?
Nightbot’s URL fetcher doesn’t need CORS to work. Is there an error message you’re receiving?
Right, but I don’t want to add * to accepted CORS locations on my API. Does that make sense?
Why not? You can check the request and allow/deny the request based on for example the user-agent. Or if it’s sensitive data I would add a querystring parameter with some sort of token to validate the request.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.