OAuth interactions: do they count as API calls?
After hammering the login.salesforce.com endpoints today (and getting blocked a couple of times), I've established (at least to my satisfaction) that the OAuth interactions around granting access tokens and refreshing them do not count against the API limits.
More specifically, I've hit the following endpoints 1,000 times each today.
https://login.salesforce.com/services/oauth2/authorizehttps://login.salesforce.com/services/oauth2/token(both grant_type=password and grant_type=refresh_token)
... and the results.
Wait... that's not the result you want, this is.
PS. It's also worth noting that grants and token authorisation are not always human interactions, the Username-Password flow requires no user interaction.