Hide some metadata from API?

I’m interested in preventing the files/ resource from showing file metadata through the API. This is one part of a process whose goal is to keep EXIF data from uploaded images private without destroying that data.

Is there a way to easily modify the API so that this effect is achieved? I have tried:

'metadata' => null

in application/models/Api/File.php but that doesn’t seem to work.

I’m also wondering if this can be done through a plugin without touching the application files.

Any pointers?

EDIT: Another option would be to change the API so that a key is required for GET requests to files/. Not sure how to do that either.

I’m a dummy. Instead of setting metadata to null, all I had to do was make it an empty string. I’d still be interested in knowing if there’s a way to make the GET requests to files/ require an API key so that I can keep the metadata available to those who have a key.