Make backend request from the frontend server
Currently, all requests to the backend are made directly from the frontend webapp running inside the browser. In this case, to make authenticated calls to the backend the access token has to be stored on the client side, which could be accessed by malicious code. Instead, make the call to the frontend server which then relays it to the backend and can add the access token if necessary.