For example I cannot invoke [[ https://we.phorge.it/conduit/method/diffusion.tagsquery/ | diffusion.tagsquery ]] without authentication, even though I can access equivalent pages through the web interface. This encourages scraping, which consumes more server resources than a simple API call.
Description
Description
Event Timeline
Comment Actions
If I were starting today I would probably design the back-end APIs first, then make the web interface derive from those APIs, such that web requests and api requests are not really any different, at least with regard to enforcing access controls.
As it is currently, however, many of the conduit APIs are a bit hackish and not all on equal footing with the web interfaces that they mirror. In the case of tags it is probably safe to loosen the access controls on that conduit method if it's requiring a session universally.
I'm not sure that would do anything to discourage scraping though and the easy path to scrape that info would probably be via git instead of conduit.