I have a wiki (1.24.0) which is only readable to authenticated users:
$wgGroupPermissions['*']['createaccount'] = false; $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['read'] = false;
Unfortunately this also makes it impossible to access the watchlist feed.
<?xml version="1.0"?> <api> <error code="readapidenied" info="You need read permission to use this module" xml:space="preserve">
IMO this is wrong. There's watchlist token exactly for that.
In the MediaWiki-General channel on IRC I was told to open a bug report.