Correct, all API calls require your application to identify itself. Today, we require that an access token belonging to a user is used in such requests, but we’ll soon have a form of application-only authentication that does not require a user context.
