Problemunvalidated

The user opened a public ngrok tunnel to a local Flask endpoint for Shopify webhooks and worries someone could guess the tunnel/endpoint IP and send unauthorized requests. They want to know whether adding `--verify-webhook` makes the tunnel exclusive to Shopify webhooks or if vulnerabilities remain.

5f553f9a-ef4c-49f3-84c1-40ce1b3b410b

The user opened a public ngrok tunnel to a local Flask endpoint for Shopify webhooks and worries someone could guess the tunnel/endpoint IP and send unauthorized requests. They want to know whether adding --verify-webhook makes the tunnel exclusive to Shopify webhooks or if vulnerabilities remain.