what should be my work flow with angular and a API app?
Right now i send my auth bearer like that to secure my api:
const authToken = this._oktaAuth.getAccessToken();
req = req.clone({ setHeaders: { ‘Authorization’: Bearer ${authToken} } });
Do i need to send in the header or body the token that i generated or i send it in authorization header?
Typically, it gets sent as a Bearer token in the Authorization header, so what you have right now looks good, provided of course that your API is then validating the token when it receives it to check that the requestor is allowed to access a given resource