Add authentication to all endpoints that update lot state

[bmzhao]

Requires planning out authentication method (perhaps basic auth + https using a pre-shared key on all pis)

[baoqchau]

Are we doing this on our own or should we use AWS services? I found this article doing this in AWS
http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html

[bmzhao]

Hey @baoqchau, thanks for the link! We still don't know whether we will have our own servers, or if we have to deploy on AWS/GCP.

Since the only endpoint that requires authentication is the post endpoint that updates the state, I'm thinking about a pre-shared key in the pis, and if we're using our own servers, setting up basic auth with ssl termination using nginx.

If we end up using AWS/GCP, then we're probably gonna have to use the provided AWS service you linked or the associated GCP one.

I don't know what usually is the best practice for this sort of thing so any suggestions are welcome!