Im planning out a custom connect sync application and trying to workout what the use of session_cookie is for. Looking at the API endpoints, you get the session_cookie when you log in but I cannot see any endpoints that use the session cookie.
For example, the entry endpoint only needs the xid and there are no needed headers aside from the application type:
curl -X GET http://localhost:8080/rest/1/entry/MzRlM2RhZTAtMzc1YS00YTBjLTk5ODMtYzQzYTBiMDFiNWFh" -H "accept: application/json;charset=UTF-8"
So whats the point in the session_cookie or where does it get entered in the query?