Clarify API endpoint and authentication handling

We need to clarify how we're going to expose the API endpoint along with authenticating with Server. Since we're using GraphQL, we should be able to handle authentication with GraphQL instead of a separate Http endpoint utilizing GraphQL permissions.