I am planning to receive notifications from Twitch Drops from EventSub.
In this case, I would like to ensure that the webhook is issued from Twitch’s EventSub.
However, we would like to allow only a limited number of access sources without exposing the endpoints.
Will the access source of the webhook issued from EventSub be a fixed IP address?
Or is there no fixed one?
In your 2018 post, you ask us to make a decision based solely on the Secret, has that changed?
There is no op address range published as aws is used and servers added/removed as needed
Only twitch will have your secret used to create a webhooks
You can also use the entitlements api instead
Thanks for the reply!
It seems that in the entitlementgrant, I can set an arbitrary value for the secret attribute in the Transport and match it.
The http post doesn’t give you the secret back. The secret is used to verify the incoming payload.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.