From 39a6780815cb0791063332cc273a3ef857cf84b3 Mon Sep 17 00:00:00 2001
From: Shahed Nasser <shahednasser@gmail.com>
Date: Thu, 26 Sep 2024 16:04:27 +0300
Subject: [PATCH] docs: add note about authentication opt out (#9298)

Closes #9268
---
 .../api-routes/protected-routes/page.mdx                    | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/www/apps/book/app/advanced-development/api-routes/protected-routes/page.mdx b/www/apps/book/app/advanced-development/api-routes/protected-routes/page.mdx
index 0663031a0d..163b9257c2 100644
--- a/www/apps/book/app/advanced-development/api-routes/protected-routes/page.mdx
+++ b/www/apps/book/app/advanced-development/api-routes/protected-routes/page.mdx
@@ -108,6 +108,12 @@ To access the authentication details in an API route, such as the logged-in user
 
 The `auth_context.actor_id` property of `AuthenticatedMedusaRequest` holds the ID of the authenticated user or customer. If there isn't any authenticated user or customer, `auth_context` is `undefined`.
 
+<Note>
+
+If you opt-out of authentication in a route as mentioned in the [previous section](#authentication-opt-out), you can't access the authenticated user or customer anymore. Use the [authenticate middleware](#protect-custom-api-routes) instead.
+
+</Note>
+
 ### Retrieve Logged-In Customer's Details
 
 You can access the logged-in customer’s ID in all API routes starting with `/store` using the `auth_context.actor_id` property of the `AuthenticatedMedusaRequest` object.