Comment 5 for bug 385517

That unsigned request scenario sounds sane. But I can still just hack wadllib and launchpadlib to translate /beta URLs to /api/beta, and I work around all the auth/useragent stuff. Why require that at all?

Also, me_link points to /people/+me, and 401s when unauthenticated - that seems to be fine.