My website is private. If you visit it I will sue you.
If someone bypasses authentication I understand but if your api is open on the public internet on purpose, you don't get to randomly declare what's private and what isn't.
> mycoolsite.com is the same as mycoolsite.com/api/bb8d4cc4-1453-473b-8594-95db0f41877d/3c9242b8-2394-48c1-9643-618ca38eb13d for which you'll also need these dozen parameters and custom headers for, which there is no public documentation for
If someone bypasses authentication I understand but if your api is open on the public internet on purpose, you don't get to randomly declare what's private and what isn't.