Skip to content

Accessing protected API from your React app
5 min

In this section, we will focus on how to call a secure API from your React app using the other token—the access token.

For simplicity, let's assume that the APIs we’re calling are secured by the same Identity Provider (IdP) and use the same issuer— in this case, the same WSO2 Identity Server organization. This is typical when React apps are interacting with internal APIs within the same organization.

Tip

If your app needs to call APIs secured by a different IdP, you’ll need to exchange your current access token for a new one issued by the IdP securing those APIs. This can be done using the OAuth2 token exchange grant type or other supported grant types. We will cover these scenarios in a separate guide.

Using SDK Built-in HTTP client

You can use the httpRequest API provided by the Asgardeo SDK to make HTTP requests to these endpoints. This function is used to send http requests to WSO2 Identity Server or desired backend. The developer doesn’t need to manually attach the access token since this function does it automatically.

The following is a simple example of how you might use the Asgardeo SDK’s httpRequest to call a protected API endpoint, such as /scim2/me (to get the user profile details after signing in). In this case, the SCIM 2 endpoint is secured by the same WSO2 Identity Server organization. WSO2 Identity Server provides a SCIM 2 API for managing users within your organization. While user management with SCIM 2 is a topic for a different guide, we will use the API as part of our current guide.

Note

The storage type must be set to webWorker for the token to be automatically attached. If it’s set to sessionStorage or localStorage, you may implement your own function for attaching the access token to the network request.

const App = () => {


   const { httpRequest } = useAuthContext();


   const requestConfig = {
       headers: {
           "Accept": "application/json",
           "Content-Type": "application/scim+json"
       },
       method: "GET",
       url: "https://localhost:9443/scim2/me"
   };


   useEffect(() => {
       // Make a GET request to a protected endpoint
       httpRequest(requestConfig)
           .then((response) => {
               // Handle successful response
               console.log('Response:', response.data);
           })
           .catch((error) => {
               // Handle error
               console.error('Error:', error);
           });
   }, [])
}

Note that you don’t need to manually specify the Authorization header under headers in requestConfig, as httpRequest function intercepts the request and attaches the access token to the network request as the Authorization header.

In the above example, the final request config sent by the httpRequest function would be as follows

const requestConfig = {
       headers: {
           "Accept": "application/json",
           "Content-Type": "application/scim+json",
           "Authorization": "Bearer <access_token_retrieved_from_web_worker>"
       },
       method: "GET",
       url: "https://localhost:9443/scim2/me"
   };

In case you want to send multiple API requests in parallel, you can use the httpRequestAll function to simultaneously trigger parallel network requests and receive responses after all network requests are completed.

The following code snippet shows a javascript function which accepts a list of application IDs and sends multiple network requests for each app ID in parallel. The responses will contain results for each id, as an array of responses.

import { AsgardeoSPAClient } from "@asgardeo/auth-react";


const httpClientAll = AsgardeoSPAClient.getInstance()
   .httpRequestAll.bind(AsgardeoSPAClient.getInstance());


export const getApplicationsByIds = async (ids) => {


   const requests = [];


   for (const id of ids) {
       requests.push({
           headers: {
               "Accept": "application/json",
               "Content-Type": "application/json"
           },
           method: "GET",
           url: "https://localhost:9443/applications/" + id
       });
   }


   try {
       const responses = await httpClientAll(requests);


       return Promise.resolve(responses);
   } catch (error) {
       console.error(error);
   }
};

Using a custom HTTP client

In case you are not using the webWorker as the storage type, the getAccessToken function can be used to fetch the access token and manually attach it to the network request. The following is an example where the access token is fetched and manually attached to the authorization header of a Fetch request.

import { useAuthContext } from "@asgardeo/auth-react";


const App = () => {
   const { getAccessToken } = useAuthContext();


   useEffect(() => {
      getAccessToken().then(async (accessToken) => {
          const response = await fetch("https://localhost:9443/scim2/me", {
           "Authorization": "Bearer " + accessToken
          })
          console.log(response)
      }).catch((error) => {
          console.log(error);
      });
  }, []); 

  .
  .
  .
}