I have no problems connecting to Slash Dgraph via Apollo (Angular or React). I have created an authentication token, but how do I prevent someone without it from connecting?
I believe this wording is due to conflicting changes where multiple endpoints have been combined into the admin endpoint. I think @acarey or @damian might be the right people to tag to review this.
If you are specifically needing to add API token access to the /graphql endpoint then you should look at the @auth directive. If you have a use case for blocking all access to the /graphql endpoint beyond what is capable with @auth, then this might be able to be turned into a feature request instead.