Independent access to Inbox API endpoint

Hello Dynalist Team.

Currently API token allows holder to do any read/write actions over all documents.
If this token get stolen all the data will be compromised.
That is the reason why I don’t even want to generate it.

But still I need to have integrations with applications like twitter/telegram/rediit etc. So when I click on like, upvote, get an email, etc and send it to my inbox. I can create a bot (with AWS lambda) or use zapier (or other tools like this) and react on this events.

Having a way to push only to inbox without need to potential exposing all data will be very good feature.

I can add two suggestions how it can be implemented currently:

  • Add Additional API token on /developer that allow only push to inbox
  • Add “webhook” path for inbox which you can turn on/off from settings
    • For example POST https://dynalist.io/inbox/<random-user-related-regeneratable-token>

Moved to Developers as it’s not a Dynalist product feature request. @Shida

That sounds like a reasonable request. I think we’ll need some time to internally discuss implementation details first. Can’t promise anything yet due to prioritization but I can put this on our tracker for now.

1 Like

Can I add a “tracked” tag to this post then?