Read-only API methods unnecessarily require authentication for public-accessible data

It’s quite troubling to see that a lot of Conduit API methods, meant for end users’ convenience, always require authentication. I’ll just list methods that potentially may be needed available publicly if Phabricator instance governs public policy across several applications:

  • badge.search
  • countdown.search
  • differential.diff.search
  • differential.getcommitmessage
  • differential.getrawdiff
  • differential.revision.search
  • diffusion.*query
  • diffusion.querypaths
  • diffusion.repository.search
  • feed.query
  • file.download
  • file.querychunks
  • file.search
  • maniphest.priority.search
  • maniphest.search
  • maniphest.status.search
  • owners.search
  • paste.search
  • phame.blog.search
  • phame.post.search
  • phriction.content.search
  • phriction.document.search
  • portal.search
  • project.column.search
  • project.search
  • slowvote.poll.search
  • user.search

Can I disable auth check for these or I’ll need to create “Anonymous” user and always provide token? (problem with the second approach is that pseudo-anonymous user falls under “All Users” policy, which I would like to avoid)

Public API access is generally not important for paying customers (they are mostly private organizations) so I currently have no plans to expand public/anonymous access to the API.

It’s alright, but how do I disable such checks against API calls, any clues? Mayhaps, I can disable this check for specific methods in *ConduitAPI.php files?