HTTP integration authorization

Hello. Bear with me :slight_smile:

So, I’m using the HTTP integration to send (post) data to my Google firebase app. Over there I’ve exposed an endpoint (serverless function) that gets the POST request and stores data to my cloud firestore database. So far so good.

The issue I have now, well, I’m asking myself how can I prevent everyone out there to hit my REST endpoint and manipulate my data.

One way would be to use JWT tokens, but for that ChirpStack integration would need to send a token to my endpoint so I can verify it. Is the header “add header” functionality under the HTTP integration meant for that?

Supposing what I’m trying to achieve is not doable or not the way to go, how is authorization supposed to be implemented?

Thanks, Marko