Should require a password or something to be included (or maybe an IP whitelist as an option)
Something like this:
Request
{
"action": "listPlayers",
"password": "hunter2"
}
Response
{
"status": "success",
"players": ["joesmith64", "player42069", "yesman2"]
}
or
Request
{
"action": "start",
"password": "hunter2"
}
Response
{
"status": "success"
}
or error examples:
Request
{
"action": "invalid_command",
"password": "hunter2"
}
Response
{
"status": "error",
"error": "Invalid action 'invalid_command'."
}
Request
{
"action": "start",
"password": "hunter1"
}
Response
{
"status": "error",
"error": "Incorrect password"
}
Request
{
"action": "start",
"password": "hunter2"
}
Response
{
"status": "error",
"error": "Server already running."
}