There are two methods here
- You pass the token from the backend to the front end. Store it in a varaible and call the API directly from the frontend (like you already have been doing)
- Your frontend calls your backend and the backend loads the token from session and then calls the API proxying the data back to the user via the backend. This also means you can add server side caching, no need to call the API if you got the same data recently.