Discuss boilerplate API permissions defaulting to not permitted
Description
Currently API views default to AllowAll
permissions. Positive action therefore needs to be taken to lock an API down. Is it better instead that endpoints be explicitly marked as anon accessible?