If I leave the code the way it is right now, it’s gonna work flawlessly. However, my concern is a security concern. What if someone edits the javascript or creates a new application which keeps telling the server that XYZ donated 1000 bits to ABC’s channel?? The server’s database is going to be filled with fake information, which is… definitely not what I want. I want the server to be able to verify each donation message received from any client. Possible solutions:
- The server can get the latest bit donations for a certain channel using the Twitch API.
- Since each donation message contains a “message_id”, the server may be able to get the information of this message from that “message_id” using the Twitch API.
I couldn’t find a real way of doing it, though…