The /api/webhook endpoint allows triggering a refresh of the API packages and versions definition according to the reference Git repository. However, as of today, it can be publicly triggered without any authorization control 😢
We should add an authorization control using a secret that will be reported on the triggering side (GitHub hook or whatever) to be sure that unexpected processes will not force a refresh from the outside.
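One way to implement the shared-secret check proposed above, as an added example that is not the project's code. It assumes the triggering side is a GitHub hook with a secret configured, which signs each delivery in the `X-Hub-Signature-256` header as `sha256=` plus the hex HMAC-SHA256 of the raw body. The function names, the `refresh` callback, the status codes and the sample values are hypothetical.

```python
import hashlib
import hmac

# Header GitHub adds to each delivery when the hook has a secret configured.
SIGNATURE_HEADER = "x-hub-signature-256"


def sign(secret: bytes, body: bytes) -> str:
    """Sender side: 'sha256=' + hex HMAC-SHA256 of the raw request body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def is_authorized(secret: bytes, body: bytes, header_value) -> bool:
    """Receiver side: recompute the signature and compare in constant time."""
    if not secret or not header_value:
        return False  # fail closed: no secret configured or unsigned request
    expected = sign(secret, body).encode()
    return hmac.compare_digest(expected, header_value.encode("utf-8"))


def handle_webhook(headers: dict, body: bytes, secret: bytes, refresh) -> int:
    """Hypothetical handler: returns an HTTP status, refreshes only when signed."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if not is_authorized(secret, body, lowered.get(SIGNATURE_HEADER)):
        return 401
    refresh()
    return 202


# Constructed sample delivery (not real data).
SAMPLE_SECRET = b"constructed-example-secret"
SAMPLE_BODY = b'{"ref":"refs/heads/main"}'

if __name__ == "__main__":
    calls = []
    signed = {"X-Hub-Signature-256": sign(SAMPLE_SECRET, SAMPLE_BODY)}
    print(handle_webhook(signed, SAMPLE_BODY, SAMPLE_SECRET, lambda: calls.append(1)))
    print(handle_webhook({}, SAMPLE_BODY, SAMPLE_SECRET, lambda: calls.append(1)))
    print(len(calls))
```

The signature must be computed over the raw request bytes, before any JSON parsing or re-serialization, or a valid delivery will fail the check.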