I was being really stupid today, and forgot to urlencode '+' when using checktoken module. It'd be cool for people making that stupid mistake, if the api module gave a warning if the proposed token ends in a space followed by a \.
The output when done properly should look something like this:
{ "warnings": { "checktoken": { "*": "Check that symbols such as \"+\" in the token are properly percent-encoded in the URL." } }, "checktoken": { "result": "invalid" } }