Currently working on implementation of twitch drops for our game and a bit confused by ability to send arbitrary data to our VHS handling endpoint.
Am I missing some way of validation for POST requests from twitch’s VHS to prevent malicious usage or it’s not provided? I found nothing about it in official docs, but I think it’s possible to validate at least by checking that requester’s IP is in the list of twitch’s servers ip pool, or something like that.