@Simos Try removing the View Users privilege. Although that will disable the other routes as well like /api/user/uid/<uid>
Creating topics with API ignoring permissions/privelges
Sorry with all the questions...
Is there a way I could, for example, disable public members being able to post in a certain category but make the API create a topic in that category as a 'public' member ignoring permissions (using master token).
We had a feature similar on IPB, so we stopped people being able to post into the donation category (and being able to 'fake' a donation and stop having the need to manually confirm each donation), however, the PayPal IPN module could 'ignore' those permissions and still post in there, using the donators ID to create the topic as them.
I've just finished working on my automated topic creator which gets triggered by PayPal's IPN and just wondered if I could implement the same.
It's not possible to do exactly what you say, but it is possible to accomplish a similar thing by creating a NodeBB plugin which implements the API endpoint you want, instead of using the built-in API.