The next thing is to add the [Authorize] attribute to the API controller action. Let's test this with the GetCustomers(id) method:
// GET: api/Customers/5
[HttpGet("{id}")]
[Authorize]
public async Task<IActionResult> GetCustomers([FromRoute] Guid id)
Calling it from the Postman yields the following output:
So, our request is not authorized anymore. We got a reply that we need to send a token in order to access the resource. Let's get the token, then.