simple question, i'm deploying a prisma cloud server to heroku. it seems to set a random

managementApiSecret

but the playground appears to be wide open to the public internet and i can run all sorts or queries and mutations. how do i prevent other people from accessing the endpoints and running something like

mutation {
  deleteManyUsers {
    count
  }
}