ntfy's access control mechanism can be used to configure authentication and authorization.

By default, DANIAN configures ntfy as a private instance. auth-default-access is set to deny-all.

Info:
The web interface is open to all and can be used to send/receive notifications from one or more ntfy servers. Keeping the UI unprotected is harmless as it's purely a frontend application and one cannot send and receive notifications without authentication.