diff --git a/application/controllers/Api.php b/application/controllers/Api.php
index e28d2dfe0..a74b3af6d 100644
--- a/application/controllers/Api.php
+++ b/application/controllers/Api.php
@@ -653,6 +653,13 @@ class API extends CI_Controller {
 break;
 }
+ // Handle optional cat_url
+ if (isset($obj['cat_url']) && !empty($obj['cat_url'])) {
+ $cat_url = $this->sanitize_callback_url($obj['cat_url']);
+ if ($cat_url !== false) {
+ $obj['cat_url'] = $cat_url;
+ }
+ }
 // Store Result to Database
 $this->cat->update($obj, $user_id, $operator);
@@ -1126,4 +1133,28 @@ class API extends CI_Controller {
 echo json_encode(['status' => 'successful', 'message' => 'Export successful', 'statistics' => $data]);
 }
+ /**
+ * Sanitize and validate callback URL
+ * @param string $url The URL to sanitize
+ * @return string|false Returns sanitized URL or false if invalid
+ */
+ private function sanitize_callback_url($url) {
+ // Basic sanitization
+ $url = trim($url);
+
+ // Check if URL is valid and uses http or https
+ if (!filter_var($url, FILTER_VALIDATE_URL) ||
+ (!preg_match('/^https?:\/\//', $url))) {
+ return false;
+ }
+
+ // Remove trailing slashes
+ $url = rtrim($url, '/');
+
+ // Additional XSS cleaning
+ $url = $this->security->xss_clean($url);
+
+ return $url;
+ }
+
 }
diff --git a/application/models/Cat.php b/application/models/Cat.php
index 7d03bbde2..638ea75c9 100644
--- a/application/models/Cat.php
+++ b/application/models/Cat.php
@@ -27,6 +27,11 @@
 'timestamp' => $timestamp,
 );
+ // Handle callback URL if provided
+ if (isset($result['cat_url']) && !empty($result['cat_url'])) {
+ $data['cat_url'] = $result['cat_url'];
+ }
+
 if ( (isset($result['power'])) && ($result['power'] != "NULL") && ($result['power'] != '') && (is_numeric($result['power']))) {
 $data['power'] = $result['power'];
 } else {
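Review bot: When `sanitize_callback_url()` returns false, the new block leaves the original `$obj['cat_url']` untouched, so a value that failed validation is still handed to `$this->cat->update()` and, per the model change in this same commit, written to the database — the sanitizer only rewrites values that were already acceptable. Drop the field on failure, `} else { unset($obj['cat_url']); }`, or return an error response before the update call if a malformed URL should reject the whole request. Note that `!empty()` treats the string `"0"` as absent, which is harmless for a URL but means that input is silently ignored rather than rejected. The enclosing method starts before this hunk and the decoding of `$obj` is not visible here, so I am assuming `$obj` comes straight from the client body.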
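Review bot: `sanitize_callback_url()` assumes `$url` is a string, but a JSON array or object supplied as `cat_url` passes the caller's `!empty()` check and reaches `trim()`, which throws a TypeError on PHP 8 (the parameter has no type declaration); add `if (!is_string($url)) { return false; }` before the `trim()` call. Separately, `xss_clean()` runs after `filter_var()`, so the value that gets stored is not the one that was validated — CodeIgniter's xss_clean rewrites suspicious substrings and can turn an accepted URL into something that would no longer pass the check; either apply it before the validation or drop it and escape at output with `html_escape()`. The scheme regex is case-sensitive while `filter_var` is not, so `HTTP://…` is rejected; add the `i` modifier if that is unintended. If this URL is ever fetched server-side (I cannot see its consumer here), the scheme check does nothing against internal hosts such as `http://127.0.0.1/`, and a host allow-list or address check would be needed.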
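Review bot: The model copies `$result['cat_url']` into `$data` with no check of its own, so validation exists only on the API controller path; any other caller of this update method (I cannot see whether one exists) would persist an unvalidated value. Either document the contract, `// cat_url must already be validated by the caller (see API::sanitize_callback_url)`, or guard here: `if (isset($result['cat_url']) && is_string($result['cat_url']) && filter_var($result['cat_url'], FILTER_VALIDATE_URL) !== false)`. Also, because `$data['cat_url']` is only set when the field is non-empty, a client has no way to clear a stored URL through this path, whereas the neighbouring `power` branch has an `else` for that case; consider `else { $data['cat_url'] = null; }` if clearing should be supported. The enclosing method starts before this hunk and the database write is outside it as well.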