diff --git a/web/api/app/Controller/AppController.php b/web/api/app/Controller/AppController.php
index c00f57621d..1d85115e8a 100644
--- a/web/api/app/Controller/AppController.php
+++ b/web/api/app/Controller/AppController.php
@@ -55,13 +55,17 @@ class AppController extends Controller {
 // then you are logged in
 // its pretty simple to extend this to also check
 // for role and deny API access in future
+ // Also checking to do this only if ZM_OPT_USE_AUTH is on
 public function beforeFilter() {
- if (!$this->Session->Read('user.Username'))
- {
-
- throw new NotFoundException(__('Not Authenticated'));
- return;
- }
+ $this->loadModel('Config');
+ $options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_OPT_USE_AUTH'));
+ $config = $this->Config->find('first', $options);
+ $zmOptAuth = $config['Config']['Value'];
+ if (!$this->Session->Read('user.Username') && ($zmOptAuth=='1'))
+ {
+ throw new NotFoundException(__('Not Authenticated'));
+ return;
+ }
 }
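Review bot: The new guard in `beforeFilter()` fails open: if the `ZM_OPT_USE_AUTH` row is missing or `find('first', $options)` returns an empty result, `$config['Config']['Value']` evaluates to null, `$zmOptAuth=='1'` is false, and every API request passes without a session. Authentication should be skipped only when the setting was actually read and is explicitly off, e.g. `$authOff = isset($config['Config']['Value']) && (string)$config['Config']['Value'] === '0';` followed by `if (!$authOff && !$this->Session->Read('user.Username'))`. This assumes the column stores '0'/'1', which the comparison in the hunk implies but does not show. A one-line comment above the lookup, such as `// An unreadable or missing ZM_OPT_USE_AUTH is treated as "auth required"`, would record the intent for the next maintainer.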