Improve performance by tracking nonces on the API server

Rather than sending an expensive DB update to the SQL server on every API call, it would be better to track the nonces for sessions on the API server, perhaps in memory.  When the API server is scaled out to multiple hosts, this could use memcached which is still much faster than MySQL at simple key/value pairs like this.
