I need to create a website with this service that has a login page and accepts exactly the token that is provided when registering for the service. However, the GET URL returns results even with the missing or incorrect token, while the POST URL forcibly creates a new user. What can I do?
Token is not required for GET requests, as all read requests are public accessible.
If you pass the correct token in GET requests then it will return the pubic posts + post that you created/modified.
POST creates the new user only if given email does not exists.
User created/modified data is retained upto 6 days.
The data created or modified by the user is only visible to that user (provided he passed the correct token in the get request)