by dsacco
3263 days ago
Yeah, in my experience a lack of centralized authorization checks is one of the most sinister issues in typical API construction. And I've seen pretty wonky reasons (relatively speaking) for not wanting it ("it would take a lot of refactoring", or "that presents a single point of failure"). If you don't set up centralized auth checks and instead prescribe !!!CONSTANT VIGILANCE!!!, you're just setting yourself up for an auth bug in a hastily submitted pull request at 4 pm on a Friday afternoon, when someone is lethargic and ready to head out for the weekend. The code is going to get committed, then pushed to production after three people write a quick "LGTM!" Three months later a bug bounty is going to come in with a snazzy report for you (hopefully). The better thing to do is 1) abstract all authorization checks to a central source of authority and 2) require the presence of this inheritance for tests to pass before deployment.
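One way to realize the two steps the comment describes, as an added example that is not part of the original comment: a base class that performs the authorization check for every handler, and a gate function that a pre-deployment test can assert on. The class names, route table and permission strings are hypothetical and belong to no real framework.

```python
# Added example: hypothetical mini-framework, not taken from any real library.
from typing import Optional


class Forbidden(Exception):
    """Raised by the central authority when a request is not allowed."""


class AuthorizedHandler:
    """Single source of authority: every request enters through dispatch()."""
    required_permission: Optional[str] = None  # each subclass must declare one

    def dispatch(self, user: dict, **params):
        perm = self.required_permission
        # Fail closed: an undeclared permission denies instead of allowing.
        if perm is None or perm not in user.get("permissions", ()):
            raise Forbidden(f"{type(self).__name__}: {perm!r} denied")
        return self.handle(user, **params)

    def handle(self, user: dict, **params):
        raise NotImplementedError


class GetInvoice(AuthorizedHandler):
    required_permission = "invoice:read"

    def handle(self, user, invoice_id):
        return {"invoice": invoice_id, "viewer": user["name"]}


class ExportUsers:  # the Friday-afternoon handler: no base class, no check
    def handle(self, user):
        return ["alice", "bob"]


ROUTES = {"/invoice": GetInvoice, "/export": ExportUsers}  # constructed table


def unauthorized_routes(routes: dict) -> list:
    """Deployment gate: return routes that bypass the central authority."""
    bad = []
    for path, cls in sorted(routes.items()):
        ok = (issubclass(cls, AuthorizedHandler)
              and cls.required_permission is not None
              and cls.dispatch is AuthorizedHandler.dispatch)  # not overridden
        if not ok:
            bad.append(path)
    return bad
```

A pre-deployment test would assert that `unauthorized_routes(ROUTES)` is empty; with the constructed table above it reports `/export`, so the build fails before the unchecked handler ships.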