Hi @MaciejStanuch,
wondering if this endpoint can be used by the app to check on a user’s permission. We have the user’s account id, the project etc …
Background:
We want to set dynamic webhooks (this can only be done by the app and not from the client via AP.request). A project admin initiates the request via a custom project settings page. To be secure we need to check the user’s permissions from within the app to be PROJECT_ADMIN before setting webhooks - see here for more detail. If this check is not performed, anyone with a valid JWT could craft a request to change this setting.
Any guuidance is much appreciated