You should store the owner of each bookmark in the table. You should require every request to be authenticated. Then you should only return records which are owned by the authenticated user.
If you want to enable users to share with each other, it gets a lot harder.