Hi: After the Apache APISIX instance is started, the current Admin API does not have any authentication verification mechanism, which is very insecure for users.
I recommend adding a simple KEY token authentication to the Admin API. For example, specifying a whitelist of allowed tokens directly in `conf/config.yaml` might be an easy way. -- *MembPhis* My github: https://github.com/membphis Apache APISIX: https://github.com/apache/incubator-apisix
