I'm developing an integration for an IoT sensor. I'm thinking of using something like a REST API or WebSocket server to make data available, but I'm stuck on the best way to handle authentication. I've looked at a lot of other existing integrations, but it seems like a lot of them don't require authentication, or just use username and password. I'm a little wary of this - wouldn't it be better to exchange some sort of token between my device and HA? It seems like a risk to expose a server on my device without stricter authentication. Or should I not be worried about this?
A little more background about my device:
- It is capable of running local-only, but generally also talks to a backend server
- It sends sensor measurements generated every second or so, and is not capable of receiving commands (or any other messages) over the local API