Validate signature in response from URLFetch

Hi all, in URL Fetch documented here: UrlFetch - Nightbot Docs

Included is a Nightbot-Response-Url: https://api.nightbot.tv/1/channel/send/TVRRM05UazRNVGsyT1RnNE1TOWthWE5

How can I validate that signature? Ultimately when I hit my backend api, I want to validate that the request indeed came from nightbot and not just being spoofed. The other headers seem like they can be easily spoofed.

But I can’t decode / validate that signature without knowing the original key. So any thoughts?

Hey @aavet!

I guess you can check if the Nightbot-Response-Url is a api.nightbot.tv URL?
If you don’t like my answer, here’s a similar question to yours and some answers.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.