HI friends,
So the problem is that every one can send request to the app proxy url using for example Postman?
How to secure the proxy url? Even with checking HMAC signature. if you paste store proxy url in postman the request contain the needed params for validating the HMAC
"shop" => ""
"path_prefix" => "/apps/app-manager"
"timestamp" => "1621510474"
"signature" => "2c1ff79fbac40e29b6489967be53751086a6d117d9292c7efa0cb81d67d19a52"