Currently, we allow the creation of a TD with an id inside, but the POST /things endpoint should only accept Anonymous TD.

I believe the correct behavior is to reject the request by returning a 400 Bad Request.