diff --git a/designsafe/apps/api/datafiles/views.py b/designsafe/apps/api/datafiles/views.py
index 2ce9139292..5890bf6db0 100644
--- a/designsafe/apps/api/datafiles/views.py
+++ b/designsafe/apps/api/datafiles/views.py
@@ -3,6 +3,7 @@
 from boxsdk.exception import BoxOAuthException
 from django.http import JsonResponse
 from django.contrib.auth import get_user_model
+from django.conf import settings
 from designsafe.apps.api.datafiles.handlers import datafiles_get_handler, datafiles_post_handler, datafiles_put_handler, resource_unconnected_handler, resource_expired_handler
 from designsafe.apps.api.datafiles.operations.transfer_operations import transfer, transfer_folder
 from designsafe.apps.api.datafiles.notifications import notify
@@ -56,7 +57,9 @@ def get(self, request, api, operation=None, scheme='private', system=None, path=
                 client = get_client(request.user, api)
             except AttributeError:
                 raise resource_unconnected_handler(api)
-        elif api == 'agave':
+        elif api == 'agave' and system in (settings.COMMUNITY_SYSTEM, 
+                                           settings.PUBLISHED_SYSTEM, 
+                                           settings.NEES_PUBLIC_SYSTEM):
             client = service_account()
         else:
             return JsonResponse({'message': 'Please log in to access this feature.'}, status=403)
diff --git a/designsafe/settings/common_settings.py b/designsafe/settings/common_settings.py
index 9543841da0..e510d0db0c 100644
--- a/designsafe/settings/common_settings.py
+++ b/designsafe/settings/common_settings.py
@@ -545,6 +545,8 @@
 }
 
 PUBLISHED_SYSTEM = 'designsafe.storage.published'
+COMMUNITY_SYSTEM = 'designsafe.storage.community'
+NEES_PUBLIC_SYSTEM = 'nees.public'
 
 # RECAPTCHA SETTINGS FOR LESS SPAMMO
 DJANGOCMS_FORMS_RECAPTCHA_PUBLIC_KEY = os.environ.get('DJANGOCMS_FORMS_RECAPTCHA_PUBLIC_KEY')