Rate limit login attempts

[williamleven]

There should be a rate limit if you provide an incorrect key to prevent brute force attacks.

[williamleven]

There might be a point in rethinking the api's security. A pre-shared key is maybe not the optimal solution