I've created an add-on so I can post to my blog from phone and I've just realized it has no security at all, w which means anyone could have posted to my blog! (I've taken it down now of course).
Options (if there are others, please let me know):
- send Statamic user account in URL request (I use HTTPS but if others don't then it's in plaintext)
- use authorization token in the add-on config file
Are there other options? I don't have the ability to set Headers or anything in the HTTP request.