Verify a Callback

The vcr object on the SDK allows you to verify whether a callback that your application receives is from the Cloud Runtime platform. This is done by checking if a JWT that has been signed with your Vonage Application's private key. All requests that are made to your instance from the Cloud Runtime platform will have this token in the Authorization header.

Method Signature

vcr.verifyAuth(token: string)

Getting your Application URL

You can use verifyAuth in a middleware function, which will throw an error if the token is not valid.

// Express Example
const authMiddleware = (req, res, next) => {
    const token = req.headers['authorization'];
    if (!token) {
        return res.status(401).json({ error: 'Missing Authorization header' });
    }

    try {
        vcr.verifyAuth(token);
        next();
    } catch (error) {
        return res.status(401).json({ error: error.message });
    }
};

# aiohttp Example
@web.middleware
async def auth_middleware(request, handler):
    if request.path == '/_/health':
        return await handler(request)

    token = request.headers.get('authorization')
    if not token:
        raise web.HTTPUnauthorized(text='Missing Authorization header')
    try:
        vcr.verifyAuth(token)
    except Exception as e:
        raise web.HTTPUnauthorized(text='Invalid token')
    return await handler(request)