Allow all API calls, even if the site is configured as private. The

API Actions will decide whether something requires auth or a redirect.

index.php

@@ -239,6 +239,7 @@ function main()
     if (!$user && common_config('site', 'private')
         && !isLoginAction($action)
         && !preg_match('/rss$/', $action)
+        && !preg_match('/^Api/', $action)
     ) {
         common_redirect(common_local_url('login'));
         return;