It seems like you are attempting to set up a basic communication flow between Frontend, Backend, and an API:
+----------+ +---------+
| | ---1--> | |
| Frontend | <--2--- | Backend |
| | | |
+----------+ +---------+
| A
| | +-----+
| | | |
| \----4------| API |
\----3--------->| |
+-----+
However, for better security practices, it is recommended to structure your communication flow like this:
+----------+ +---------+ +-----+
| | ---1--> | | ---2--> | |
| Frontend | <--4--- | Backend | <--3--- | API |
| | | | | |
+----------+ +---------+ +-----+
It is not advisable to expose your token in the frontend. Instead, consider creating an endpoint in your backend to access the API securely.
Edit:
To achieve this, you can create an endpoint in your NodeJS backend using a framework like express:
var http = require('http');
var express = require('express');
var app = express();
app.get('/:myQuery', function (req, res) {
var apiEndpoint = 'https://someapi.com/'+ req.params.myQuery +'.json?access_token=' + process.env.API_TOKEN;
http.get(apiEndpoint, function(apiResponse) {
apiResponse.setEncoding('utf8');
res.status(apiResponse.statusCode);
apiResponse.on('data', function (chunk) {
console.log('BODY: ' + chunk);
res.json(JSON.parse(chunk));
});
});
});
app.listen(3000, function () {
console.log('Example app listening on port 3000!');
});
In your frontend Angular controller, you would make a request to this endpoint like so:
$http.get('http://localhost:3000/' + $scope.myQuery).then(function(){
//...
});