Tuesday
Friday
You could also do this with a Webhook recipe. It's a bit easier to set up compared to the API platform.
It's also possible to do this via the API platform, and the benefit might be that you can control the response to the browser, but I'm honestly not sure about that. Hope this helps.
Friday
Thanks @gary1 for clear explanation The only reason for API was for security.
Friday
Even if you used the API platform I think you'd need to encode the access token into the URL to call the endpoint, so security kinda goes out the window.
I can't think really think of a way to protect the endpoint, but you can at least verify the email_id against a list of known IDs to ensure the call is coming from an email recipient before routing to the next recipe/process.
I could be missing something so if you have ideas on how to secure the endpoint using the API platform, please share!