Hands-on with session-based authentication

Session-based authentication is the third and simplest type of authentication in Magento. There is no token passing to deal with here. As a customer, we log in to the Magento storefront with our customer credentials. As an admin, we log in to the Magento admin with our admin credentials. Magento uses a cookie named PHPSESSID to track the session where our login state is stored. The Web API framework uses our logged-in session information to verify our identity and authorize access to the requested resource.

Customers can access resources that are configured with the anonymous or self permission in the webapi.xml configuration file, such as GET /rest/V1/customers/me.
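To see which endpoints a logged-in customer session can reach, the route declarations in a module's webapi.xml can be grouped by their resource references. The script below is an added example, not code from the book; the embedded XML is a constructed sample, and the `Vendor\Example` routes and the `Vendor_Example::reports` ACL resource are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the webapi.xml route format; only the first route
# (GET /V1/customers/me) is named on the page, the other two are hypothetical.
SAMPLE_WEBAPI_XML = """
<routes>
    <route url="/V1/customers/me" method="GET">
        <service class="Magento\\Customer\\Api\\CustomerRepositoryInterface" method="getById"/>
        <resources>
            <resource ref="self"/>
        </resources>
    </route>
    <route url="/V1/example/public-info" method="GET">
        <service class="Vendor\\Example\\Api\\InfoInterface" method="get"/>
        <resources>
            <resource ref="anonymous"/>
        </resources>
    </route>
    <route url="/V1/example/reports" method="GET">
        <service class="Vendor\\Example\\Api\\ReportInterface" method="getList"/>
        <resources>
            <resource ref="Vendor_Example::reports"/>
        </resources>
    </route>
</routes>
"""

def classify_routes(xml_text):
    """Group routes by the kind of caller the declared resources admit."""
    buckets = {"anonymous": [], "self": [], "acl": []}
    for route in ET.fromstring(xml_text).iter("route"):
        refs = {r.get("ref") for r in route.iter("resource")}
        label = f'{route.get("method")} /rest{route.get("url")}'
        if "anonymous" in refs:
            buckets["anonymous"].append(label)   # no login needed
        elif "self" in refs:
            buckets["self"].append(label)        # logged-in customer, own data
        else:
            buckets["acl"].append(label)         # guarded by an ACL resource
    return buckets

def customer_session_routes(xml_text):
    """Routes a customer session may call: anonymous plus self."""
    b = classify_routes(xml_text)
    return sorted(b["anonymous"] + b["self"])

if __name__ == "__main__":
    for kind, routes in classify_routes(SAMPLE_WEBAPI_XML).items():
        print(kind, routes)
```

Running the same grouping over every webapi.xml in a code base gives a quick inventory of what is exposed without login and what a storefront session cookie alone can call.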

If we try to open the http://magento2.ce/rest/V1/customers/me ...
