When i register an app with kite trade, i expose a redirect URL on my server, where the request token will be posted by kite trade upon successful login. I want to secure this redirect url on my server using some secret so that anybody with the knowledge of the URL cannot fire a call, without authentication - so i was wondering if kite trade can also accept a configuration(alongside redirect url) such as a certificate or a username/password , which it can use to authenticate itself, before calling the redirect URL. I did not find any material regarding this. It would be nice if you could help me with the security model here.