luk, I have just showed example using only login information of the user in the API, but I can see more information.
See Screenshot for Only First User "Lithium-Admin"
Of course we can, this is called "public information"... =), this was the case with API v1 already, it's information that you could gather in other ways as well...
Okay, One of our community is private and one of the community don't want to expose user username all over the community. They don't want to expose any of the user information.
But this api gives information even its a private/gated community. Use of this personal information must have limits and there should be a way by which community manager can disable this from admin or there is any role based permissions for that.
I guess just categorically take away the REST API read permission is not an option (or does it even return data in that case)?
