Charlie Jonas

> significantly affect real automated use by any page that hasn’t got itself an API key yet In my opinion we should be very strongly urging people not to use...

> GitHub for example allows 50 read-only request per day Forgotten I'd written this ☝️ . It's probably relevant to the discussion under #552 somewhat. If we do want to...

Helpful: http://www.inanzzz.com/index.php/post/sz5m/implementing-an-api-rate-limit-feature-in-a-symfony-application

Fab ok - I've removed the GDPR tag. Maybe adding new admins to shows could be something that only users who have confirmed their email address can do?

As @GKFX mentioned in #610, this issue now seems to only affect venue admins. I closed that ticket in favour of this just because there was slightly more discussion here.

How are new Camdram admins currently added to the system? Is it by a manual change to the database?

I propose we `mkdir /usr/local/scripts`, initialise a local git repo there and shove all our scripts + runbooks in there. That way we can run eg. - `/usr/local/scripts/snapshot` - `/usr/local/scripts/backup`...

Should we consider deleting records from `acts_api_access_tokens`, `acts_api_auth_codes` and `acts_api_refresh_tokens` that have expired longer than, say, 60 days ago? Is this data at all useful to keep for abuse tracking...

I suggest we put this on hold until #110 (and possibly #323) have been fixed.

Ah yes ok - sorry I was conflating people and users!