Maybe not the easiest workaround, but have you considered to limit the endpoint to a certain IP?
Here is an example for Apache .htaccess:
Deny from all
# 220.127.116.11 is at least one address for api.rach.io, add more IPs as needed
Allow from 18.104.22.168
Alternately, you can make the endpoint a secret https://ddnsaddress:5556/webhook-rachio-mV4uYIGCHaKQ, these days basic authization is far from secure (sent as clear text, just base64 encoded), authorizing via a secret URL is much more secure since only one endpoint could be compromised at a time, which is close to impossible with a proper SSL cert & enforcement.