Official Web UI API & API endpoint authentication

Hi, I have two related issues that I would love to see in the Web UI before fully committing to Duplicacy.

  1. I would really like to have an official API for the Web UI. It would be nice to be able to e.g. run schedules/jobs by their display id (not the internal id).
    That way the Web UI could be controlled and monitored by external scheduling/monitoring tools.

  2. Right now the API is not protected via authentication. Anybody in my network could call API endpoints and act in a malicious way. Could we at least protect the API via API key or something similar?