You can create a REST service to get it for a given community, use authentication and authorisation for the service and don't pass id informations in request.
If you are consuming this service outside the jive domain then you will face the mentioned issue in all the approaches.
Yes I did that way at the end. I was trying to implement it at client side but above issues stood in front.
thanks for your suggestion.