I am using the Survey Monkey api to get the url's of surveys I have created which allows me to display surveys from within my application. To do this I have to send my key and authorization with the request.
What concerns me is that Survey Monkey has an api 'create_flow' that allows surveys to be created. Using fiddler I can see my requests including the key and authorization token. As far as I can see, this means that anyone could use this information to access the api and create a new survey on my account, which I do not want.
Is there any way to stop someone from creating new surveys using the API and the auth token? I'm not really bothered about people getting access to the survey details or Uri's as all they can do is post junk survey results that only I will see, but I absolutely don't want anyone else to be able to create a survey that will be presented to all my users with potential malicious text.