Since the Authorize logic can determine the id of the logged in user, why pass in user id as an argument, rather than deriving it from the access token as is done in other methods. Otherwise, one user could theoretically create bookmarks for another user, but not delete them.
Since the Authorize logic can determine the id of the logged in user, why pass in user id as an argument, rather than deriving it from the access token as is done in other methods. Otherwise, one user could theoretically create bookmarks for another user, but not delete them.