Hello Dynalist Team.
Currently API token allows holder to do any read/write actions over all documents.
If this token get stolen all the data will be compromised.
That is the reason why I don’t even want to generate it.
But still I need to have integrations with applications like twitter/telegram/rediit etc. So when I click on like, upvote, get an email, etc and send it to my inbox. I can create a bot (with AWS lambda) or use zapier (or other tools like this) and react on this events.
Having a way to push only to inbox without need to potential exposing all data will be very good feature.
I can add two suggestions how it can be implemented currently:
- Add Additional API token on
/developer
that allow only push to inbox - Add “webhook” path for inbox which you can turn on/off from settings
- For example
POST https://dynalist.io/inbox/<random-user-related-regeneratable-token>
- For example