For more secure usage and scalability of the Whiteflag API, provide OAuth 2.0 as authentication mechanism, instead of only basic http auth. The Whiteflag API does not need to be an authentication server itself; it is may only act as the the resource owner / service provider.
This issue triggers the discussion whether we should push the API beyond being "just" an MVP implementation for protocol evaluation which was not intended for production environments.
For more secure usage and scalability of the Whiteflag API, provide OAuth 2.0 as authentication mechanism, instead of only basic http auth. The Whiteflag API does not need to be an authentication server itself; it is may only act as the the resource owner / service provider.