Can you call a webhook instead of having front-end receive the on transaction complete?
Two issues:

  • Malicious users can just manually call whatever we do with the result of this function.

  • When users have multiple panels open, this gets called multiple times




There is a webhook topic for transactions https://dev.twitch.tv/docs/api/webhooks-reference#topic-extension-transaction-created

Which is why transaction receipts are signed, and any action your EBS takes should verify that signature to prevent malicious users from faking a transaction.

1 Like

@CVS-Gaming Thanks @Dist! That’s correct, please ensure transaction receipts are validated using your extensions shared secret.