Filter requests that don't have an API token authorized to read or write a specific scope;
and use it for the posts API