Picolab / pico-engine

An implementation of the pico-engine hosted on node.js
http://picolabs.io/
MIT License

Enhancements to channel policy to further secure pico engine #609

Open b1conrad opened 2 years ago

b1conrad commented 2 years ago

A couple of ideas:

  1. We could add a bearer token to the channel policy; /sky/ events and queries would then only be accepted by the pico engine on that ECI when an authorization header bearing the token was present in the HTTP request (otherwise a 401 response code).
  2. We could add a rate limiting feature; for example, an ECI could be used only once every 10 minutes, and if used more often, a 429 response code could be given.

Together these could reduce the likelihood of denial-of-service attacks.