Since the app does not provide any hooks for review insert/update, we are posting
custom generated review form request to the app server when review
is added, and from there admin api will be triggered to insert reviews data along with custom entities data. But concerns regarding security in app url info, it can be directly seen thorough browser request and third person can exploit it.