If I need to perform an action on the user's account, such as canceling an invoice or terminating a service, there is currently no way to ensure that the user is the legitimate owner, as anyone can inject third-party data without any form of validation.
There should be a form of identity verification, similar to what is found in Chatwoot, Intercom, and other platforms.
In other words, when predefining the user's information automatically (as described in https://docs.typebot.io/editor/variables#prefilled-variables), there should also be a parameter for a hash that can validate the user's data.
If I need to perform an action on the user's account, such as canceling an invoice or terminating a service, there is currently no way to ensure that the user is the legitimate owner, as anyone can inject third-party data without any form of validation.