It’s funny, I was recently looking for this exactly. As far as I know, accessing the Open edX is not documented anywhere. I found some answers by digging into the edx-platform source code.
First, it looks like every endpoint is protected by a different set of authentication mechanisms. You should check the source code of the endpoint you are interested in. For instance, the /bookmarks/v1/bookmarks/ endpoint is protected by BearerAuthenticationAllowInactiveUser (among others). Here is the source code of this endpoint: edx-platform/views.py at open-release/koa.master · edx/edx-platform · GitHub
It’s relatively easy to make use of the BearerAuthenticationAllowInactiveUser authentication mechanism. You should get or create an authentication token for your user in the admin, at /admin/oauth2_provider/accesstoken/. Then, include the “Authorization” header in your request with the value "Bearer <yourtoken>".
Here is a complete example using the staff user from the demo.openedx.overhang.io platform (see docs for login and password):
$ curl "https://demo.openedx.overhang.io/api/bookmarks/v1/bookmarks/" -H "Authorization: Bearer I4rKuxsKU6sFAkHVpHOJcUXh4CWHtV"
{"next":null,"previous":null,"count":0,"num_pages":1,"current_page":1,"start":0,"results":[]}
Note that this token will no longer be valid starting from 2021-04-16T06:00:00Z, as the demo platform will be reset and the authentication token will have a different value. You should get the latest token value here: https://demo.openedx.overhang.io/admin/oauth2_provider/accesstoken/
Converting this curl command to postman is an exercise that is left to the reader.