- [ ] ensure all endpoints that should be authenticated do actually require auth - [ ] e2e functional testing would be nice too
