I have a search API. Before calling it, I need to call the getAccessToken API, which gives me the accessToken & expiry; this expiry is currently 1hr. I need to store the accessToken and expiry somewhere.
In the next search API calls, I need to check whether the accessToken is valid or not; if it is valid, I do not need to call the getAccessToken API again.
But if it is not valid, I need to call the getAccessToken API and update the values of accessToken & expiry.
But my big question is where I need to store this accessToken & expiry; these are sensitive data which will update every 1hr.
This depends a little bit on where you’re calling the search API from. Ideally you call it from your own backend (or from an API route or Server Function in Next.js if that’s what you’re using).
In that case, the safest way is to save the access token in a cookie with HttpOnly=true and SameSite=Strict headers. That will keep the access token attached to the browser of the user who requested it (so no one else can access it) and only accessible in your server (so no client-side code can read the cookie value).
Browsers send cookies to the backend automatically on each request, so you can use req.cookie to access the value in your server handler. You can also make this cookie expire automatically after an hour so you don’t need to check it yourself.
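
The approach from the answer above as a Node-style server helper (an added example, not code from the thread). `COOKIE_NAME`, `SKEW_SECONDS`, `ensureToken` and `fetchToken` (a stand-in for the getAccessToken API call) are assumed names; the `Secure` attribute and the 60-second skew are additions that the answer does not mention.

```javascript
// Added example. COOKIE_NAME, SKEW_SECONDS and fetchToken are hypothetical names.
const COOKIE_NAME = "search_token";
const SKEW_SECONDS = 60; // assumption: drop the cookie shortly before the token expires

// Build the Set-Cookie value. Max-Age makes the browser discard the token on its own,
// so a missing cookie on a later request means "fetch a new token".
function buildTokenCookie(token, expiresInSeconds) {
  const maxAge = Math.max(0, Math.floor(expiresInSeconds) - SKEW_SECONDS);
  return [
    `${COOKIE_NAME}=${encodeURIComponent(token)}`,
    `Max-Age=${maxAge}`,
    "Path=/",
    "HttpOnly",        // not readable from client-side JavaScript
    "SameSite=Strict", // not sent on cross-site requests
    "Secure",          // addition to the answer: only sent over HTTPS
  ].join("; ");
}

// Parse a raw Cookie request header into an object; malformed pairs are skipped.
function parseCookies(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 1) continue;
    const name = part.slice(0, eq).trim();
    if (!name) continue;
    try {
      out[name] = decodeURIComponent(part.slice(eq + 1).trim());
    } catch {
      // invalid percent-encoding: treat the cookie as absent
    }
  }
  return out;
}

// Return a token for this request. fetchToken() is only called when the cookie
// is absent (never set, or already expired and dropped by the browser).
async function ensureToken(req, res, fetchToken) {
  const existing = parseCookies(req.headers.cookie)[COOKIE_NAME];
  if (existing) return existing;
  const { accessToken, expiresIn } = await fetchToken(); // expiresIn in seconds (assumed shape)
  res.setHeader("Set-Cookie", buildTokenCookie(accessToken, expiresIn));
  return accessToken;
}
```

Call `ensureToken(req, res, fetchToken)` at the top of the server handler that proxies the search API, then use the returned token for the upstream request.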