Currently anyone can POST data to a Codespeed instance. Some kind of security is needed. Either proper authentication or a simpler secret key.
I couldn't find any reference to an authentication mechanism in Codespeed other than two closed issues, this and #145. Is it supported now?
The API-based implementation was removed due to the committer not resolving all problems. So no, there is no authentication yet.
I see. Is there any other way to limit POSTing to Codespeed?
Currently not. I plan to look into it next though.