@nilan Does anyone know if the following is secure? If a function should only be called using the PAT (i.e. an internal function), will checking if

event.context.auth.typeName === 'PAT'

be sufficient and secure? Posted to the forum here https://www.graph.cool/forum/t/how-to-know-whether-or-not-its-roottoken-request-inside-resolver-function/1692