Closed
Description
Addresses #20 - 2.10
Options:
- API key in URL (random string)
- Some auth method with CORS headers
- CORS - only same domain instead of `*`
- OAUTH (?)
Depends on the use-case of the API. E.g. when the API is used by desktop/mobile applications, CORS headers are irrelevant and the desktop/mobile application is assumed to handle all things securely.
CORS headers are only relevant for applications on websites using the PrivateBin API. For this use-case we should look at similar APIs, e.g. how GitHub does it.
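An added sketch of the "only same domain instead of `*`" option, not taken from the issue or from PrivateBin's code: the server echoes `Access-Control-Allow-Origin` only for an exact match against an allowlist, and requests without an `Origin` header (desktop/mobile clients) get no CORS header at all. The origins in `ALLOWED_ORIGINS` and both function names are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of web front ends allowed to call the API from a browser.
ALLOWED_ORIGINS = {"https://paste.example.org", "https://app.example.org"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(origin):
    """Return scheme://host[:port] in lowercase, or None if it is not a web origin."""
    parts = urlsplit(origin)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # covers the literal "null" origin and non-http schemes
    if parts.path or parts.query or parts.fragment or parts.username:
        return None  # an Origin value never carries a path, query or userinfo
    try:
        port = parts.port
    except ValueError:
        return None  # non-numeric or out-of-range port
    suffix = f":{port}" if port and port != DEFAULT_PORTS[parts.scheme] else ""
    return f"{parts.scheme}://{parts.hostname}{suffix}"


def cors_headers(request_headers, allowed=ALLOWED_ORIGINS):
    """Headers to add to one API response, given the request headers as a dict."""
    # The response depends on Origin, so caches must key on it.
    headers = {"Vary": "Origin"}
    origin = request_headers.get("Origin")
    if origin is None:
        # Desktop/mobile clients send no Origin; CORS does not apply to them.
        return headers
    normalized = normalize_origin(origin)
    # Exact match only: no wildcard, no prefix or suffix comparison.
    if normalized in allowed:
        headers["Access-Control-Allow-Origin"] = normalized
    return headers


if __name__ == "__main__":
    # Constructed sample requests.
    for sample in ({}, {"Origin": "https://paste.example.org"},
                   {"Origin": "https://paste.example.org.evil.test"}):
        print(sample, "->", cors_headers(sample))
```

Omitting the header does not block the request itself; it only stops a browser from exposing the response to the calling page, so the API still needs its own authentication.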