The article Identifying the customer in Get Customer and Get Customer Detail calls outlines that the ADR should pass the access token as a Bearer token in the Authorization header of the request to the Get Customer and Get Customer Detail endpoints.
The current banking API docs (https://consumerdatastandardsaustralia.github.io/standards/#consumer-data-standards-banking-apis) make no mention of passing the access token, nor do the sample requests provided - do the artefacts need to be updated?
The Authorization header is dealt with within the Information Security profile and upstream standards. Notably RFC 6749 provides context.
The ADR needs to obtain an access token (representing the consumer's consent) from the data holder and supply this as a bearer token for all authenticated endpoints.
Is it correct to assume the use of the Bearer token is applicable for all Banking and Common API endpoints (not just the Get Customer ones)?
No. The other two common APIs (Get Status and Get Outages) are public endpoints and don't require any authentication. They are similar to the Get Products and Get Product Detail endpoints.
And in relation to the first question above - is there any possibility we can get a sample request format for the above which contains the Authorization header Bearer token?
RFC 6749 provides examples which hopefully cover the format of the request.
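An added example, not part of the original thread or of the standards artefacts: a data-holder-side gate that requires an `Authorization: Bearer <token>` header (header syntax per RFC 6750) on authenticated endpoints such as Get Customer, and lets the public endpoints named above through. The resource paths are assumed from the Consumer Data Standards and the token is a constructed value.

```python
import re

# Assumed resource paths for the public endpoints named in the thread
# (paths are not given in the thread itself).
PUBLIC_PATHS = (
    re.compile(r"/discovery/status"),        # Get Status
    re.compile(r"/discovery/outages"),       # Get Outages
    re.compile(r"/banking/products"),        # Get Products
    re.compile(r"/banking/products/[^/]+"),  # Get Product Detail
)

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
# The scheme name is matched case-insensitively, as HTTP auth schemes are.
BEARER_RE = re.compile(r"Bearer +([A-Za-z0-9\-._~+/]+=*)", re.IGNORECASE)

SAMPLE_TOKEN = "constructed.sample-token_123"  # constructed value, not a real token


def is_public(path):
    """True if the path is one of the unauthenticated endpoints."""
    return any(p.fullmatch(path) for p in PUBLIC_PATHS)


def extract_bearer(headers):
    """Return the bearer token from the Authorization header, or None."""
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None:
        return None
    match = BEARER_RE.fullmatch(value.strip())
    return match.group(1) if match else None


def check_request(path, headers):
    """Return (decision, token) for an incoming request.

    'public'         -> no authentication required
    'bearer-present' -> well-formed bearer token supplied; it must still be
                        validated (expiry, scope, consent) before use
    'reject-401'     -> authenticated endpoint without a usable bearer token
    """
    if is_public(path):
        return "public", None
    token = extract_bearer(headers)
    if token is None:
        return "reject-401", None
    return "bearer-present", token
```
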