In many APIs, all endpoints require authentication. In others, there may be a mix of protected and unprotected (anonymous) endpoints. These examples show you how to do both.
If you want the user to only have access to a route if they are signed in, require authentication for just those routes.
For some applications, you may want to require the user to be authenticated for all routes.