I am trying to make an HTTP call to our legacy APIs. These APIs use basic authorization.
When making a call from an Angular app, I have to pass this authorization token which is not a problem. My concern is that anyone can sniff the token from the Angular app, and that would allow them to make calls to our APIs.
How can I call existing APIs without compromising the token?
User can reach any storage on client side (example via console). So, you can not hide it.
So, You can just save this token and set to request with HttpInterceptor: