Adding Authorization Token to API Service Operations

CD_Engineers · August 28, 2025, 10:09pm

Hello,

I have a service with 20+ operations, all of which call AWS API Gateway. I recently added an attribute that requires an authorization token for these API calls.

Right now, if the token expires, the request fails. Since Backendless doesn’t have something like Axios interceptors (which can automatically refresh tokens), I had to build my own workaround:

Wrap the request in a try/catch.
If it fails because the token expired, call another API to refresh the token.
Update the token in the backend.
Retry the original request.

The issue is that I would need to add this logic to all 20+ operations, which feels repetitive. Is there a simpler or recommended way to handle token refresh globally so I don’t have to duplicate the same logic everywhere?

Sincerely,
Cyber Dive Team

vladimir-upirov · August 29, 2025, 12:21pm

Hello @CD_Engineers

Great question—handling token refresh logic centrally is a common need for integrating with third-party APIs. While Backendless doesn’t have built-in support for request interceptors (like Axios does), you can still avoid code duplication by abstracting your token handling logic. Here are a few practical approaches you might consider:

1. Create a Centralized API Utility Function

Instead of duplicating your try/catch and retry logic in each service operation, encapsulate it in a reusable function. Then, have all your service operations call this utility when making API requests. For example, in a JavaScript Business Logic (Cloud Code) service:

async function callApiWithAuth(requestParams) {
  try {
    return await makeAwsRequest(requestParams, currentToken);
  } catch (error) {
    if (error.message === 'TOKEN_EXPIRED') {
      // Refresh and update token
      const newToken = await refreshAwsToken();
      updateTokenInBackend(newToken); // Your implementation to store/update token
      // Retry original request with new token
      return await makeAwsRequest(requestParams, newToken);
    }
    throw error;
  }
}

Each service operation simply calls callApiWithAuth() instead of embedding the retry logic directly.

2. Service Composition

You can also create an internal Backendless service that handles AWS calls and token refresh. All your 20+ operations would delegate their requests to this service. Centralizing the logic this way makes future changes and debugging much easier.

Regards,
Vlad

CD_Engineers · August 29, 2025, 4:43pm

Could you elaborate on that second option for me? Are you saying that I should create another API service which handles refreshing the token and add this to the 20+ operations that are in the AWS service I created. This way if I need to edit this request I can do it from one central place?

vladimir-upirov · August 29, 2025, 7:06pm

sure, I mean to create a new class or function not an API Service. And the service can check a token and run the refresh API to get fresh token.
Here is code sample:

class YourAPIService {

  runSomeAPI(){
    const currentToken = ... // received from configs or the request payload
    const validToken = ensureValidAWSToken(currentToken)

    // run AWS API with the valid token
   
  }
}

function ensureValidAWSToken(currentToken){
  const isTokenValid = ... /// run AWS API to check if the token valid

  if (isTokenValid) {
   return currentToken
  }
   
  const newToken = ... /// run the AWS API to refresh the token

  return newToken
}