In order to protect your endpoints you can enable auth using a Token which is secret and unique per account.
Use it along the
Authorization HTTP header as a
You can enable Mutations, which are disabled by default for security purposes.
It's recommended to enable secret token protection when using mutations