Currently, the API server does not provide any security model or authentication controls. Any client that's able to connect to the API server gains full control over it. Of course, this is not usable in a production environment. Therefore, some means of a bullet-proof access control should be added to the API server.

FastAPI does provide a way to check for e.g. HTTP Basic Auth, which could be enough for the project. It does, however, also provide the full set of security options, which could be used, too.

This has already been implemented and merged into dev branch. See old feature-auth branch.