Verifying callback URL request made by YO

Posted in General by Sam Samskies Mon Oct 27 2014 01:16:04 GMT+0000 (UTC)·1·Viewed 1,440 times

Is there a way to verify that the request made to the URL specified as my callback URL is made from YO? Otherwise if users know my endpoints, they could use my API to trigger YOs to anyone whenever they want. I'll probably be open sourcing all my YO projects, so users savvy enough can easily find out what endpoints to hit and swap in any username they wish to simulate a YO. It would be nice if we were given the choice to have a POST (rather than a GET) along with some type of authentication token was sent to the callback URL.
Or Arbel
Oct 31, 2014

Hi Sam,
Other developers don't know the callback URL that only you set when you set it up in the developer dashboard.

You can set the url to contain a long hash for example:
Callback URL:

Markdown is allowed