Independent access to Inbox API endpoint

I80286 · December 6, 2019, 12:52am

Hello Dynalist Team.

Currently API token allows holder to do any read/write actions over all documents.
If this token get stolen all the data will be compromised.
That is the reason why I don’t even want to generate it.

But still I need to have integrations with applications like twitter/telegram/rediit etc. So when I click on like, upvote, get an email, etc and send it to my inbox. I can create a bot (with AWS lambda) or use zapier (or other tools like this) and react on this events.

Having a way to push only to inbox without need to potential exposing all data will be very good feature.

I can add two suggestions how it can be implemented currently:

Add Additional API token on /developer that allow only push to inbox
Add “webhook” path for inbox which you can turn on/off from settings
- For example POST https://dynalist.io/inbox/<random-user-related-regeneratable-token>

Erica · December 4, 2019, 10:33pm

Moved to Developers as it’s not a Dynalist product feature request. @Shida

Shida · December 5, 2019, 7:39pm

That sounds like a reasonable request. I think we’ll need some time to internally discuss implementation details first. Can’t promise anything yet due to prioritization but I can put this on our tracker for now.

Erica · December 5, 2019, 11:24pm

Can I add a “tracked” tag to this post then?

I80286 · May 14, 2020, 11:42pm

@Shida We got email to inbox some time ago.
Is that something that can be reused for this feature? (Look like it’s same behaviour but through different protocol)