I would like to know why I can’t send a custom header on the command to download the push-package or at least to execute the command in the backend, because I think someone from outside is able to download my push package if they know the web service URL and website push ID, right?
Consequently, they can have access to my authenticationToken, which is a sensitive data. So, do you have any tips of how to protect the push-package to not be downloaded by someone without authorisation?
Also, about the log command, since it does not allow to also send any custom header, it does not make the API vulnerable to spam on the web service side? What should I do to avoid that, if someone from outside discovers how to have execute this endpoint ir particular?