Fetching & Displaying Data

What is the recommended approach for handling authentication tokens in API requests?

const api = {
  async request(url, options = {}) {
    const token = localStorage.getItem('authToken');
    const headers = new Headers(options.headers || {});
    
    if (token) {
      headers.set('Authorization', `Bearer ${token}`);
    }
    
    const response = await fetch(url, { ...options, headers });
    
    if (response.status === 401) {
      // Token expired or invalid
      localStorage.removeItem('authToken');
      redirectToLogin();
      return;
    }
    
    return response;
  }
};

Store tokens in cookies only
Include tokens in URL parameters
Use secure storage and proper headers
Proper authentication token handling should: 1) Use secure storage mechanisms (HttpOnly cookies for session tokens), 2) Implement proper token refresh mechanisms, 3) Handle token expiration gracefully, 4) Use appropriate security headers. Additional considerations include: - Implementing CSRF protection - Handling concurrent requests during token refresh - Securing token transmission - Implementing proper logout mechanisms - Handling multiple sessions appropriately
Don't use authentication

Next Question (14/20)