The current implementation appears to require only a username, with no password or token involved. From a security perspective, this is not recommended. We suggest enhancing the authentication method by implementing a more secure mechanism—such as token-based authentication or API key validation—to ensure compliance with security best practices. This seems to be the authentication currently supported by Assembled. While it’s not a blocker for us, we recommend enhancing the security by requiring token-based or password-authenticated API access. Right now, knowing the API key alone is enough to trigger APIs, which poses a risk if the key is exposed.