Since the ReadingLists API uses JSON parameters for batch writes, and that's not natively understood by the API framework, it does not include some things that API modules normally get for free. Specifically:
- strings in the JSON data should be normalized the same way the API normalizes other parameters (NFC etc)
- there should be a limit on the number of items that can be included
- the limit should be expressed in the paraminfo API and in the maxItems field of the Swagger spec (and the Swagger spec could also include the max response size while we are there)
- there should probably a length limit for the full JSON string, just in case
(This is a follow-up to T182052: Batch reading list operations.)