The customer ID is not required to be present in the resource path for calls to endpoints Get Customer and Get Customer Detail. Is that correct?
That is correct, the customer resources, Get Customer and Get Customer Detail, do not require the customer identifier to be present in the resource path.
This is because the customer context is derived from the active customer consent, which is represented by the access token the ADR uses to call the associated end points.
The ADR does not need to provide the customer ID in a header. The Data Holder must check the "sub" claim associated with the access token provided. The "sub" claim is the pairwise pseudonymous identifier acting as the customer reference. See CDS Scopes and Claims for more details.
Is the access token passed as a bearer token in the Authorization header?
That is correct, the customer ID is presented as a bearer token.