A PUT request would have an extra header that contains the ID of the app dev. This header would be filled by the Safe app launcher whenever an app makes a call for a PUT request.
Of course that is hackable by the user. You could create a modified version of the safe app launcher that instead fills the info with your own ID. That’s a vulnerability. But if the reward is low enough, it will not be worth it to use a modified version of the safe app to gain a very small rebate on your PUT request.
Of course, I’m not a dev, there might be other ways of doing it.