Consider whether something within your app’s own logic is mistakenly creating the infinite loop.
Regardless, you could secure the publicly available workflow using some type of authentication–even if only rudimentary.
- You could use whatever method your payment processor uses to sign its API calls, although some (e.g., Stripe) can be complex and difficult to implement in Bubble.
- You can use Bubble’s
api_tokenparameter with a dedicated API key, although that’s unnecessarily permissive. - You can use an ad hoc unique parameter.