
How can we implement basic auth on our webhook URL endpoint (actions-on-google)?


We are developing our chatbot using the Actions on Google SDK. In the Console, in the Webhook section of our chatbot, we are using an HTTPS endpoint as the fulfillment method. Now we want to secure our webhook URL endpoint. What are the ways we can use to secure our webhook URL endpoint?


Solution

  • Requests from Google to your webhook have a google-assistant-signature header which contains a JWT.

    If your fulfillment is built using the Node.js library, the verification is built in with a single line:

    const {conversation} = require('@assistant/conversation');
    
    const app = conversation({verification: 'nodejs-cloud-test-project-1234'});
    // HTTP Code 403 will be thrown by default on verification error per request.
    

    If it doesn't use that library, you'll need to look for a JWT-compatible library for your language/runtime and check that the audience field of the coded JWT matches your project. The linked documentation provides more context.
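
The manual check described in the last paragraph, as an added example (not part of the original answer and not Google's library code): it verifies the RS256 signature first and then the audience, using only Node's `crypto` module. The function names, the `kid` lookup, the `exp` check and the locally generated key pair are assumptions for illustration; in production the public keys come from the signer's published certificates and the token from the `google-assistant-signature` header.

```javascript
// Added example (not from the original answer). Uses only Node's built-in crypto.
const crypto = require('crypto');

const decodePart = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Returns the claims when the token is valid for expectedAudience; throws otherwise.
// publicKeys maps key id (kid) -> public key. Assumption: in production this map
// is filled from the signer's published keys, not generated locally.
function verifySignatureHeader(token, publicKeys, expectedAudience, nowMs = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = decodePart(h);
  // Pin the algorithm instead of trusting the token's own "alg" value.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const known = Object.prototype.hasOwnProperty.call(publicKeys, header.kid);
  if (!known) throw new Error('unknown key id');
  // Verify the signature before reading any claim from the payload.
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`),
    publicKeys[header.kid], Buffer.from(s, 'base64url'));
  if (!valid) throw new Error('bad signature');
  const claims = decodePart(p);
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expectedAudience)) throw new Error('audience mismatch');
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= nowMs) throw new Error('token expired');
  return claims;
}

// Constructed fixture: a locally generated key pair stands in for the real signer.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const KEYS = { 'test-key': publicKey };
const PROJECT = 'nodejs-cloud-test-project-1234'; // project ID taken from the answer's snippet

function signSample(claims, header = { alg: 'RS256', typ: 'JWT', kid: 'test-key' }) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc(header)}.${enc(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Maps a token to the status a webhook handler would return for it.
function statusFor(token) {
  try { verifySignatureHeader(token, KEYS, PROJECT); return 200; } catch (e) { return 403; }
}

const soon = Math.floor(Date.now() / 1000) + 300;
console.log(statusFor(signSample({ aud: PROJECT, exp: soon })));         // 200
console.log(statusFor(signSample({ aud: 'other-project', exp: soon }))); // 403
```

Decoding the payload without verifying the signature is not a check: the audience comparison only means something after `crypto.verify` has succeeded against a trusted key.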