Thread:Talk:Requests for comment/API Future/Token reform/reply (4)

I don't think there's really a good reason for the extra salt in some tokens like rollbacks.... IIRC I added it to them in the web UI because they were done with GET requests via links rather than form submissions, so link sharing could accidentally share a token.

There's not really such an issue with the API, so rollbacks via API shouldn't require any salt. If they do, that's probably something that should be fixed.