API clients using basic authentication currently trigger a re-creation of tokens on every single request.

To reduce the load, the tokens should be cached and reused until they expire.