Skip to content

API Authorization

To ensure secure communication between the Topol Plugin and your custom backend endpoints, we provide a flexible way to attach authorization headers to all outgoing API requests. This is essential when your endpoints require authentication, such as token-based access control, to prevent unauthorized usage of data (e.g., feeds, products, or templates).

Setting the Authorization Header

You can define authorization headers in the TOPOL_OPTIONS object when initializing the Plugin. The defined headers will automatically be appended to every outgoing API request made by the Plugin.

There are two approaches:

1. Using Standard Authorization Header

This is the most common method (e.g., with Bearer tokens):

js
apiAuthorizationHeader: "Bearer your_token"

This configuration results in HTTP headers like:

Authorization: Bearer your_token

2. Using Custom Header Names

If your backend expects a non-standard header or you need to pass the token under a custom key, define the header as an object:

js
apiAuthorizationHeader: {
  "X-Auth-Token": "your_custom_token"
}

This configuration sends:

X-Auth-Token: your_custom_token

Updating Authorization Tokens Dynamically

When the authorization token needs to be refreshed (e.g., after expiration or user re-authentication), you can dynamically update the token without reinitializing the Plugin.

Use the TopolPlugin.updateApiAuthorizationHeader() method:

js
TopolPlugin.updateApiAuthorizationHeader(new_token);

new_token can be a string or an object that provides header name and the value:

js
// either string format (standard)
TopolPlugin.updateApiAuthorizationHeader("Bearer new_token_value"); 
// or object format (custom header)
TopolPlugin.updateApiAuthorizationHeader({
  "X-Auth-Token": "new_token_value"
});

This ensures that all subsequent API calls will use the newly updated header values.