I guess that's the point of AUTH: it creates a signed event to check. Duh. Sorry.
It's a forward check.
But it's per-session, so you could theoretically AUTH once and then make multiple REQs, right, ChipTuner (npub1qdj…fqm7) ?
Rate-limiting would be per-REQ or per-SESSION?
Or is this again a retarded question?