For the record, here are some of the open questions about the editing endpoints that have com up today. They all boil down to the question of what functionality of API:Edit will be supported, and how, and when. Most importantly:
- How to we detect edit conflicts?
- Do we need CSRF tokens, or is requiring OAuth Authorization headers sufficient?
- Do we need review from the security team?
- Will the implementation be cased on EditPage?
- if yes, is there anything we need to change about it (like CSRF checks)?
- if yes, do we plan to address the debt associated with that?
- if no, is it clear what permission checks and rate limits need to be applied?