As an editor I want API users to be restricted in how much damage they can cause in order to make it harder to vandalize the data and harm the project.
List of things to check:
- rate limiting is happening (T301970)
- abuse filters are processed and obeyed (T326093)
- blocked users/IPs can not make edits (T326954)
- a protected Item can only be edited by accounts that should be able to edit it
- URLs on the spam block list can not be added as values (T326955)
- the above items have been checked and are working as expected
- What's currently in place for the action API?
- How do we want to do things (potentially differently) for the REST API?