We take advantage of Netlify Identity and Apollo client links to pass the user's Bearer token to the GraphQL API running on Netlify functions. This allows us to implement access control on the server using the user object passed in from the Identity service.