All Helix API requests require an OAuth token.
If you make requests server-side you can just generate an App token for any request that doesn’t require user scopes. If you make requests client-side then you need the user to go through the Implicit auth flow to get the OAuth token required for the API requests.