I am working on the open commerce api on SFCC, I found out something weird and wanted to know why. When making a get request from the Shop api, the Bearer is not compulsory but on all other requests (patch, post, put, delete...) the Bearer is required. Anyone knows why ?
The GET requests only fetches data without any modification to the data. All other request methods are usually used to modify data in the backend:
POST -> Create resource
PUT -> Update resource with replace
PATCH -> Partially update resource
DELETE -> remove resource
Also see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods
For that reason you have to authenticate with the OCAPI if you are using one of these methods.