To add an item to the cart or proceed to checkout, the user must either be authenticated (logged in), or the client must request an anonymous token, which is the equivalent of a session ID. Either being logged in or holding an anonymous token lets the user perform any operation related to their shopping cart, account and checkout.
Getting anonymous token
Working with user tokens
A token is an identifier returned after a successful login or after requesting an anonymous token. In both cases, the token is returned as the response body.
Example token (trimmed)
To perform any operation on the cart or user profile, in other words to access restricted resources, add the token to the request header:
Authorization: Bearer eyJraWQiOm51...
Validating the token
A token lives for a limited time. To check whether the token is still valid, use:
Authorization: Bearer [token]
If the token is still valid, you will get the same token echoed in the response.
If the token is still valid but about to expire, you'll get a new token that prolongs the session.
If the token is not valid, you'll get a
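The validation outcomes described in this section can be handled in one place on the client. The following is an added example, not code from this API's documentation. The `{ status, body }` response shape, the injected `send` transport and the rule that any non-2xx, empty or malformed reply means "not valid" are assumptions, because the page does not show them.

```javascript
// Added example. Assumptions: responses are modelled as { status, body },
// `send` is a hypothetical transport, and any non-2xx or empty/malformed
// reply is treated as "token not valid".

// RFC 6750 token68 syntax: rejects whitespace and CR/LF that could split a header.
const BEARER_VALUE = /^[A-Za-z0-9\-._~+\/]+=*$/;

// Header required on every request to a restricted resource.
function authHeaders(token) {
  if (typeof token !== 'string' || !BEARER_VALUE.test(token)) {
    throw new TypeError('token is not a usable bearer value');
  }
  return { Authorization: `Bearer ${token}` };
}

// Map a validation response onto the outcomes the page describes.
function applyValidationResult(currentToken, response) {
  const ok = response.status >= 200 && response.status < 300;
  const returned = typeof response.body === 'string' ? response.body.trim() : '';
  if (!ok || !BEARER_VALUE.test(returned)) {
    // Not valid: forget the token so it is never sent again.
    return { state: 'invalid', token: null };
  }
  if (returned === currentToken) {
    return { state: 'unchanged', token: currentToken }; // echoed back
  }
  // Close to expiry: the server issued a replacement; keep only the new one.
  return { state: 'rotated', token: returned };
}

// In-memory session holding only the latest token.
class Session {
  constructor(token) { this.token = token; }
  async validate(send) {
    if (this.token === null) return 'invalid';
    const response = await send(authHeaders(this.token));
    const result = applyValidationResult(this.token, response);
    this.token = result.token;
    return result.state;
  }
}
```

On `invalid`, the caller has to log in again or request a fresh anonymous token before touching the cart.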