A collegue recently asked what is the point of the nonce on WP JSON API
https://wordpress.org/plugins/json-api/
Since you can generate one without authentication, why bother with the extra step of having them at all?
I didn’t know, and assumed maybe the authentication could be tightened later, but thought I would ask here in case someone knew.
Thanks in advance
