Is there a way to make sure that the google-smart-home webhook request is from Google other than validating Authorization header?

Question

I'm developing a google-smart-home action. I want to authenticate requests by API Key.

So...

• Is there a way to add my original header value to HTTPS request from Google-Smart-Home?

If there is no way...

• Is there a way to make sure that the google-smart-home webhook request is from Google other than validating Authorization header?

Answer 1

Requests are authenticated using OAuth 2 and an authentication code flow, not an API key. There is not a way to add a header value.