I see that a
User-Agent header is added for HTTP request queries with the value
Retool/2.0 (+https://docs.tryretool.com/docs/apis). I want to check this header on my server to verify whether the request came from retool and only cater to the HTTP request if so. I don't think hardcoding the check to match
Retool/2.0 (+https://docs.tryretool.com/docs/apis) would be a good idea since the header value may change in the future. For this, I would like to understand how this header value is set and whether there is a pattern I can match it with so that the check remains valid.
PS. I am not focussed on the possible workaround where clients other than retool can also add this header with malicious intent.
Alternate question - Is there another way I can use to check whether the request came from retool? I do not want to use secrets, for now, just a minor check would do.