Implement Update Security #9

Open
@dbrgn

I'd propose to add a way to secure the sensor endpoints using an HMAC-SHA256 over the value, with a single shared secret for the Space API server instance and all clients.

value = 3
mac = hmac_sha256(value, secret)
send_request(data={'value': value, 'mac': mac})

Advantages

  • You can only create a request if you know the secret.
  • Easy to manage because there's just one secret.
  • The message integrity is guaranteed.

Disadvantages

  • Vulnerable to replay attacks.
  • Secret is shared between all sensors.

Alternatives

  • TLS, but that's too heavy for embedded devices.
  • A secret per sensor, but that's a bit more complicated to set up. Not too much though, I actually think this might be a good idea. It doesn't solve the replay issue though.
  • Use a one-time session ID that can be requested from the server (challenge-response). It's a bit more complex because it requires 2 requests instead of 1, but might be worth the effort.

I'd like to implement this, but would be happy about feedback :)
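A sketch of the challenge-response alternative combined with a secret per sensor, added here as an illustration; it is not code from the issue author or the project. The `Server` class, the `sign` helper, the field layout under the MAC and the secrets are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets


def sign(secret, *fields):
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    msg = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class Server:
    """Hypothetical server: one secret per sensor, one-time session IDs."""

    def __init__(self, sensor_secrets):
        self.sensor_secrets = sensor_secrets  # sensor name -> secret bytes
        self.pending = {}                     # session ID -> sensor it was issued to
        self.values = {}

    def new_session(self, sensor):
        """Request 1: issue a fresh, unpredictable session ID to a known sensor."""
        if sensor not in self.sensor_secrets:
            raise KeyError(sensor)
        sid = secrets.token_hex(16)
        self.pending[sid] = sensor  # a deployment would also expire unused IDs
        return sid

    def update(self, sensor, value, sid, mac):
        """Request 2: accept only an unused session ID with a valid MAC."""
        # pop() consumes the ID, so a captured request fails when sent again.
        issued_to = self.pending.pop(sid, None)
        if issued_to is None or issued_to != sensor:
            return False
        expected = sign(self.sensor_secrets[sensor], sid, sensor, str(value))
        if not hmac.compare_digest(expected, mac):  # constant-time comparison
            return False
        self.values[sensor] = value
        return True


def demo():
    door, temp = b"constructed-door-secret", b"constructed-temp-secret"
    server = Server({"door": door, "temp": temp})
    sid = server.new_session("door")
    mac = sign(door, sid, "door", "3")
    first = server.update("door", 3, sid, mac)
    replayed = server.update("door", 3, sid, mac)  # identical request again
    sid = server.new_session("door")
    tampered = server.update("door", 4, sid, sign(door, sid, "door", "3"))
    sid = server.new_session("door")
    wrong_key = server.update("door", 3, sid, sign(temp, sid, "door", "3"))
    return first, replayed, tampered, wrong_key
```

Because the session ID is covered by the MAC and consumed on first use, the replayed request is rejected even though its MAC is valid, and a secret belonging to another sensor cannot sign for `door`.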
