In https://github.com/matomo-org/matomo/blob/3.12.0-b1/core/Tracker/Visit.php#L123 we already check early whether the site exists before doing any "work".

The same way we should check if a tracking API parameter is used that requires authentication very early in the request (after the site request). We're wanting to this for tracking API request parameters where we know the request would fail otherwise.

We're wanting to do this after manipulateRequest() was called. So basically here: https://github.com/matomo-org/matomo/blob/3.12.0-b1/core/Tracker/Visit.php#L131

Like cdt, region, city, country, long, lat (and other tracking parameters that fail in Piwik\Plugins\UserCountry\Columns\Base).

If any of them are set, and request is not authenticated, we fail right away. The tracking failure should be still logged which is done in Request::authenticateTrackingApi() and should just work automatically.

To validate cdt it may be enough to call $trackerRequest->getCurrentTimestamp() which will then trigger the exception.

For the location tracking parameters we would throw an exception like in Piwik\Plugins\UserCountry\Columns\Base::getUrlOverrideValueIfAllowed().

We probably don't need any tests for this as behaviour should just stay the same. need to make sure though (eg manually) that when using one of those parameters, and we are not authenticated with token_auth that a tracking failure is triggered