External service parameters should be checked with the native validate_parameters function and not "manually".
At least one permission should be added to allow only specific users to access the external services (e.g: the user role, for authenticated users). Or a call to the native require_login function and check that it's not a guest.
Because as it is, anyone can call the external services and burn credits.
Other
It may not be necessary to use the GuzzleHttp library to call your API. Moodle uses the PHP extension cURL.
Some services don't fully match the API. E.g: The response from local_inokufu_get_search is not the same as a direct call to your API.
validate_parameters
function and not "manually".user
role, for authenticated users). Or a call to the nativerequire_login
function and check that it's not a guest. Because as it is, anyone can call the external services and burn credits.Other
local_inokufu_get_search
is not the same as a direct call to your API.