You can verify the signature of our JWT’s in a Netlify function. In fact if you pass an Identity JWT in as a bearer token in an Authorization header, we’ll verify for you automatically and inject the user data in to the functions context. From there you can actually run some logic with that data or sign a new JWT and send it to your own backend. Another option is to use JWS with netlify redirects so that you can confirm that the request comes Netlify directly. You can read more about signed proxy redirects in Introducing Structured Redirects and Headers