In order to authenticate each customer and ensure they can only add additional information for their own account, you can make use of Shopify’s API authentication features.
Specifically, you can use the Shopify Admin API to obtain a session token for each customer when they log in. This token can then be passed along with each request to your backend app server, which can verify the token’s validity and use it to perform actions on behalf of the customer.
Access tokens for the Storefront API would not be relevant in this case, as they are used for accessing storefront data rather than authenticating customer requests.