I would recommend using a valid Bearer token for every request. Requests on behalf of a user using User Access Tokens and other requests using an App Access Token.
That particular endpoint does not require a valid token, as long as you specify at least one id or login.