Der x-sw-access-key ist auch für den Clienten / Storefront - Dieser hat dieser lediglich Leserechte, da es eine öffentliche API ist, mehr nicht.
Authentication
The Storefront API has no authentication since it is designed to be a public API. Some user related endpoints require a logged in user.
The access key which you have generated above must always be included in your API request. The custom header sw-access-key is used for this purpose.