Your question has been submitted and is awaiting moderation.
I have a system (7.2) with several modules all that use the Web API to retrieve the data. Everything appeared to work fine under HOST credentials. When I tried it out as a regular user I kept getting a 401 error on the web service claiming access denied.
I finally traced it to the validateantiforgerytoken on the web server. If I remove that everything works as it should. Is there anyway to trouble shoot this? Does anyone have a suggestion on what the problem could be?