It's important to architect your APIs in a way that can't be spoofed by a mischievous client application.
