API Authorization
To ensure secure communication between the Topol Plugin and your custom backend endpoints, we provide a flexible way to attach authorization headers to all outgoing API requests. This is essential when your endpoints require authentication, such as token-based access control, to prevent unauthorized usage of data (e.g., feeds, products, or templates).
Setting the Authorization Header
You can define authorization headers in the TOPOL_OPTIONS
object when initializing the Plugin. The defined headers will automatically be appended to every outgoing API request made by the Plugin.
There are two approaches:
1. Using Standard Authorization Header
This is the most common method (e.g., with Bearer tokens):
apiAuthorizationHeader: "Bearer your_token"
This configuration results in HTTP headers like:
Authorization: Bearer your_token
2. Using Custom Header Names
If your backend expects a non-standard header or you need to pass the token under a custom key, define the header as an object:
apiAuthorizationHeader: {
"X-Auth-Token": "your_custom_token"
}
This configuration sends:
X-Auth-Token: your_custom_token
Updating Authorization Tokens Dynamically
When the authorization token needs to be refreshed (e.g., after expiration or user re-authentication), you can dynamically update the token without reinitializing the Plugin.
Use the TopolPlugin.updateApiAuthorizationHeader()
method:
TopolPlugin.updateApiAuthorizationHeader(new_token);
new_token
can be a string or an object that provides header name and the value:
// either string format (standard)
TopolPlugin.updateApiAuthorizationHeader("Bearer new_token_value");
// or object format (custom header)
TopolPlugin.updateApiAuthorizationHeader({
"X-Auth-Token": "new_token_value"
});
This ensures that all subsequent API calls will use the newly updated header values.