Closed BenGardiner closed 5 years ago
we are requiring a global rate-limit on authentication attempts across all API endpoints.
This opens up an obvious means of Denial of Service. If the group wants to accept the additional implementation complexity: we should move to session-based authentication for this version of the API.