⁂

@evan I think missing fields should also signify an unauthorized request... I'm not an expert what a "bad request" means, but I would interpret it as "the request does not have all necessary components for the server be able to compose a valid response".

An authorization header is not part of that in my opinion, but I'm willing to entertain the idea. :)

(Also I'm pretty sure I'm appending the created timestamp... but maybe I missed to test for that... I'll get back to you if it's my problem)