Lock down the open invite endpoint on the distrubutor
We only want open invites to be requested by the telegram bot, so we should have that endpoint take an API key of some sort and only respond to requests if it matches one we know about.
We only want open invites to be requested by the telegram bot, so we should have that endpoint take an API key of some sort and only respond to requests if it matches one we know about.