The API should provide security mechanisms

At the moment, the server is entirely open: any sensor can report any measure, any client can retrieve all emotions. We need some form of identification mechanism (something like an organization, a project or a user). We need authentication (probably with some sort of token). Finally, we must define the authorization model (who can retrieve emotions from an organization?).