* reorder authentication to be: token, then oauth, then cookie
* all APIs but tokens are accessible anonymously (so add mappings to the list)
* fix mapping order
* my_tokens endpoint moved to normal index
* remove secured_by from metacodes/users
* ch ch ch changes
* mess with template
* fix securedBy
* convenience open
* gross authentication notes at the top of every endpoint
* better ordering
* move login tutorials into security tab
* oauth tutorial
* getting closer
* remove unneeded Endpoints header
* ok looks OK
