Admin/customers API tokens are stored in DB thus forcing Magento to contact storage during authentication which is avoidable, requiring additional cron job for clean up, need extra protection
Solution
Encode information required for authentication into tokens themselves, do not store them
Problem
Admin/customers API tokens are stored in DB thus forcing Magento to contact storage during authentication which is avoidable, requiring additional cron job for clean up, need extra protection
Solution
Encode information required for authentication into tokens themselves, do not store them
Requested Reviewers
@paliarush