REST API headers and whitelisting

Testing out REST API. Having issues with rest api.
I am able to login successfully but not able to get data from the server on the app.
Although the same calls work fine on the browser.

  1. Can someone help with an example of GET API with the exact header requirements?
    How is the sid token supposed to be sent?

  2. Also what is the whitelisting method for? Since all GET calls are working for me without whitelisting anything.

Can someone help with an example of GET API with the exact header requirements?
How is the sid token supposed to be sent?

I think https://frappe.io/docs/user/en/guides/integration/rest_api provides a comprehensive guide for everything REST in Frappe

Also what is the whitelisting method for? Since all GET calls are working for me without whitelisting anything.

Only whitelisted methods can be called under /api/method/path.to.method else a message “You do not have enough permissions to complete the action” is sent back