REST API, POST jsonp and authentification token

REST API, POST jsonp and authentification token

Hello,

It seems than when using the Jquery $.ajax(type='GET') authtoken is correctly checked and no data can be retrieved if authtoken is wrong. When authtoken is correct, request status is success and data is correctly retrieved. This is, I guess, normal behaviour.

But, when using the Jquery $.ajax(type='POST')

  1.  $('#signIn').on("click",function(){
  2.       var formData = $("#userForm").serializeArray();
  3.       $.ajax({
  4.             type: 'POST',
  5.             data: formData,
  6.             url: 'https://creator.zoho.com/api/******/json/*********/form/User/record            /add/?authtoken=*********************&scope=creatorapi',
  7.             }).complete(function(data) {
  8.                   console.log(data);
  9.             }).fail(function() {
  10.                   alert ('fail');
  11.             });
  12.       });
    });


I have two issues :

1- It's impossible to get this request working with dataType='jsonp'. Since it is cross-domain, status will always be fail and no response retrievable. Record is added correctly though if dataType is not set. Any way to make the POST request works correctly?

2- Record is ALWAYS ADDED even when authtoken is wrong or not provided. Does this mean anyone can add data in my ZOHO CREATOR by using an ajax POST request ??

Thanks for anyone who can help me.