Log every authentication attempt
It is important to log every authentication attempt, whether successful or failed, and the userID used. Then, in the log for api calls, we should also add the authenticated userID who made that api call. This was either not implemented in the basic authentication ticket, or it is not working.