Studio API version
1.0
1.) Right now there is a rate limit in place, but only for publicly available (without auth) endpoints. But there should also be a general rate limit for all studio endpoints, even though it can be a bit less strict.
Inject a configurable symfony rate limiter into AbstractApiController (or similar). Additionally it would be good practice to set the according headers for rate limiting, e.g. x-rate-limit-remaining and others.
2.) Make sure that the reset password rate limiter is configured inside studio and doesnt rely on any core configuration.
Studio API version
1.0
1.) Right now there is a rate limit in place, but only for publicly available (without auth) endpoints. But there should also be a general rate limit for all studio endpoints, even though it can be a bit less strict.
Inject a configurable symfony rate limiter into
AbstractApiController(or similar). Additionally it would be good practice to set the according headers for rate limiting, e.g.x-rate-limit-remainingand others.2.) Make sure that the reset password rate limiter is configured inside studio and doesnt rely on any core configuration.