synrg
commented
5 years ago See also #8 which is related.
Closed synrg closed 5 years ago
synrg
commented
5 years ago See also #8 which is related.
synrg
commented
5 years ago Not specific enough an idea to be actionable. Can be reopened or new more specific, actionable issues filed if-and-when this is needed.
Because API calls consume resources accounted to the account owning the key, restricting access to API-using commands is a must. One way is to only allow trustworthy to use them. Another is to allow arbitrary users to use them, but only if they provide their own credentials. Decide on appropriate granularity of command permissions (i.e. global, server, channel, user) & credentials storage, then implement the two together.