This is not the canonical version of this post.
If you’re involved in creating software APIs, you’ll doubtless find yourself spending a lot of time thinking about security. It seems like every few days another large company is reporting a DoS or DDoS attack against their internet-facing programs; lots more attacks are likely suffered without fanfare.