Data-item-url for non-public urls

The docs say that the data-item-url is optional since 3.2.2 and up only. What if the url isn’t public? i.e, the user must be logged in. Previously my solution was that I had a “hidden” (but public) url doubling the shop url in order to validate the item’s data. Do I still need to do this?

The crawler needs to access the data, if the page is private, it probably won’t. Unless you code in an exception. The solution would be to use the JSON crawler. You may find the information here : Order validation – Snipcart Documentation