Add some type of API security.

[robert-pathy]

At the moment the API has no security preventing un-authorised access to its functionality.
This might be a good time to brush up on OAuth :)