We are testing REST API using Ajax request from chrome console(without using OAuth 2 access token ). When a instructor was logged in to Blackboard, they are able to 'GET' the course information through REST API.
But when we tried to do 'PATCH' or 'POST', we got HTTP 403 with the message "This request is not associated with a valid session".
If the instructor was able to get the course information, then he should be able to update a course as well?
or Are we able to modify the course with only OAuth token? If so, how is it working for 'GET' without OAuth token?