Not everyone is aware that AJAX calls can be very easily hacked. If you don't secure your AJAX connections you might get cheated, your database might get polluted or in worst case you might loose all your database data.
I wrote a short tutorial about the basics that can be done in order to secure yourself from uninteded AJAX (sever api) use.
Here it is:
How to secure Construct 2 AJAX connections?