Not "secure" to be trusted for "public" users...

[oderwat]

To make this clear. This software could be extended to be used by "anybody" but the owner of the Gateway would be able to gain access to any Storage used by its users.

I wonder if there is a way to implement it in a way that this is not possible and create an universal public gateway...

Ideas?

[McBochi]

If I understand that right, there is no such possibility when using the "proxy" (gateway).

Only thing I could imagine would be to send the callback directly to the user, which would require some kind of client-server architecture. And this way there is no real gain...
Please correct me if I am wrong!

Another thought: Might a "standalone" version using the builtin webserver of PHP and bound to just the localhost be interesting?
This way users that mainly want to use this on one host would not have to expose this to the outside world.

[oderwat]

Having a standalone version with PHP could be done but then you have to provide a way to run it as service / daemon. I was thinking about a golang version (my slack integration uses a sevice library which works multi platform) but I do not work with go anymore and for Nim-Lang I am doing other things then reimplementing stuff which works for me since months :)

About the security: I think there is no way which could not be used malicious because you will have the token to the data-store anyway. It could be extended so that some people which trust each other can use the same proxy or to support multiple accounts. But thats all not important enough for me to spent time with the implementation.