I am integrating OnlyOffice into my system and embedding it in my React application. On the backend, I am handling the status callback as described in the OnlyOffice Callback Handler documentation.
I want to ensure that the status callback endpoint is secure and can only be accessed by OnlyOffice. Does OnlyOffice send any authentication mechanism or specific data in the request that can be used to verify that the callback is legitimate? For example, some systems include a secret token or a signature in the callback request headers or body, which can be validated using a shared secret or public key.
Could you provide guidance or best practices for securing this endpoint in the context of OnlyOffice?