w3c / websub

WebSub Spec in Social Web Working Group

Home Page:https://w3c.github.io/websub/


payload verification

mblaney opened this issue · comments

hello,

I've implemented a minimal version of payload receiving in dobrado, but now that I've done that I'm wondering what the minimal verification process of that payload needs to be. I haven't implemented capability URLs or hub.secret yet, so I thought I would at least check that the IP address of the server providing the update matches the URL provided, or otherwise the hub for the URL.

This works fine for a single server, but doesn't work for hubs that use multiple servers. It seems to me that verifying the payload has come from a trusted source requires one of the above authentication mechanisms. Does that sound correct?

Yes, either the capability URL or checking the signature using the hub.secret are the recommended ways of verifying the payload.
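The hub.secret check from the reply above, as an added example (not code from dobrado or from the WebSub project): the hub signs the delivered body with HMAC keyed by hub.secret and sends it as `X-Hub-Signature: method=hexdigest`; the subscriber recomputes the HMAC over the raw body and compares in constant time. The secret, body and helper names are constructed for the example.

```python
import hmac
import hashlib
from typing import Optional

# Hash methods WebSub permits in the X-Hub-Signature header.
ALGORITHMS = {
    "sha1": hashlib.sha1,
    "sha256": hashlib.sha256,
    "sha384": hashlib.sha384,
    "sha512": hashlib.sha512,
}


def sign_payload(secret: bytes, body: bytes, method: str = "sha256") -> str:
    """Build the X-Hub-Signature value a hub sends for this body (hub side)."""
    digest = hmac.new(secret, body, ALGORITHMS[method]).hexdigest()
    return f"{method}={digest}"


def verify_payload(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Subscriber side: accept the delivery only if the signature checks out.

    Because a secret was registered at subscription time, a delivery with no
    signature, an unknown method, or a mismatched digest is rejected. The HMAC
    is computed over the raw request body, before any parsing.
    """
    if not header or "=" not in header:
        return False
    method, _, received = header.partition("=")
    algorithm = ALGORITHMS.get(method.strip().lower())
    if algorithm is None:
        return False
    expected = hmac.new(secret, body, algorithm).hexdigest()
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(expected.encode(), received.strip().lower().encode())


if __name__ == "__main__":
    # Constructed sample: a secret shared at subscription time and one feed body.
    secret = b"example-hub-secret-not-real"
    body = b'<feed><entry><title>post</title></entry></feed>'
    header = sign_payload(secret, body)
    print(header, verify_payload(secret, body, header))
```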