rest Api jwt authentication for get methodes

The token just authenticates the request as coming from a specific user. You still need to use the permissions callback to check if that user has permission for whatever it is you’re doing. If you omit the permissions_callback argument when registering the route then the route is public.

If you only need to check if there is a user, and not specific permissions, you could just use is_user_logged_in():

register_rest_route( 'v1/', 'info', array(
    'methods' => 'GET',
    'callback' => 'api_version',
    'permissions_callback' => function() {
        return is_user_logged_in();
    },
) );

tech