Since I have this public accesspoint for my syncserver now, can not anyone just use it? What stops them from using my url (https://firefox-syncserver.mydomain.com/1.0/sync/1.5) in their about:config?

   What is the SYNC_MASTER_SECRET for which I set to a 256-bit random key?

   When I navigate to https://firefox-syncserver.mydomain.com/1.0/sync/1.5 in my browser, why does it say {"status":"error","errors":[{"location":"body","name":"","description":"Unauthorized"}]}

Hello. I just set up a self hosted firefox-syncserver on my homeserver. I created a virtual host on nginx which looks something like this: '''firefox-syncserver.mydomain.com''' and have a mariadb database as the backend. In '''about:config''' on firefox, I then set the '''identity.sync.tokenserver.uri''' to '''https://firefox-syncserver.mydomain.com/1.0/sync/1.5'''. Everything seems to work fine, but I still have some questions which I did not find an answer to online. Since I have this public accesspoint for my syncserver now, can not anyone just use it? What stops them from using my url ('''https://firefox-syncserver.mydomain.com/1.0/sync/1.5''') in their '''about:config'''? What is the '''SYNC_MASTER_SECRET''' for which I set to a 256-bit random key? When I navigate to '''https://firefox-syncserver.mydomain.com/1.0/sync/1.5''' in my browser, why does it say '''{"status":"error","errors":[{"location":"body","name":"","description":"Unauthorized"}]}''' I would really appreciate a good answer, as I could not find anything good about these points online.