Subject: [InfluxData Community] [InfluxDB 2] Attribute data to a token

I am setting up InfluxDB 2.0 on a server which will receive data from multiple untrusted telegraf endpoints.
Each telegraf endpoint will have its own token which can only write to the `telegraf_data` bucket.

Is there a way to filter what data telegraf is allowed to send back such that the token `t1` for host `h1` can only write data to the `telegraf_bucket` with the host field set to `h1`.
If this is not doable is there a way to attribute data to a token so this can be audited later?

From the documentation the only way I can think of doing something like this would be to create a bucket for each host.

Any help/ideas on this would be very welcome.