Change rate limits to only apply on resource creation, not API call #70
Description
What needs refactoring?
The rate limits currently apply to endpoints as soon as they're called, even if the resource creation fails. This should be changed so it only counts on a resource creation.
Why?
This will result in a smoother experience for users. For example, they won't be restricted to a certain number of login attempts in case they forget their password, or they won't be restricted from creating an event if they don't add a name.