We should create a simple password system so that it isn't trivial to pollute the dead link fixing log with bogus data. This can probably just be a password that is required to be submitted along with the API requests. The password can be stored in a config file and shared with the bot owners that we want to use the log. This isn't foolproof from a security perspective, but this isn't a tool that needs ironclad security (it's just a logging interface for the Internet Archive to keep track of progress with).
If the API actually proves useful, we can add an OAuth layer later.