GraphQL API access controls

Figured it out. The documentation had me a bit confused. Might be worth updating the docs with info about how to set and use API tokens in the context of the Graphql plugin. Thanks!