We have consumed Zerodha Kite API for our elixir application. We would like to know if we can whitelist Zerodha ip when Kite login redirects to the registered redirect url(mentioned in the dev console). This helps us to expose our registered redirect url only to Zerodha and prevents any security attacks.
If it is possible, please provide us with Zerodha ip which calls the redirects url.
Is there anything which is unique in Zerodha's request that says that it comes only from zerodha. Or any other info which helps us authorize that it is zerodha call.
PS: How do you validate requests on a public URL? The point of public URL is anybody can send request right?