Mobile app lacks centralized authenticated request handling for protected API calls

[Midoriya-w]

Problem

The mobile app currently performs authenticated API requests independently across multiple screens by manually attaching Authorization headers inside components.

Examples found in:

• CardsScreen.tsx
• ConnectPlatformsScreen.tsx
• DevCardViewScreen.tsx
• HomeScreen.tsx
• LinksScreen.tsx

Current implementation issues:

• duplicated authenticated request logic across screens
• no centralized unauthorized (401/403) response handling
• inconsistent session failure behavior
• stale auth state may persist after token expiry
• future auth-related maintenance becomes harder as the app scales

At the moment, each screen is responsible for handling protected API requests separately, which increases the risk of inconsistent authentication behavior and duplicated logic throughout the mobile codebase.

---

Expected behavior

Authenticated API requests should:

• use centralized request handling
• automatically inject auth tokens
• consistently handle invalid/expired sessions
• clear persisted auth state on unauthorized responses
• provide predictable authentication behavior across the app

---

Suggested fix

Introduce a shared authenticated API utility/interceptor layer for mobile requests.

Possible improvements:

• centralized auth-aware request wrapper
• shared token injection logic
• global unauthorized (401/403) handling
• automatic logout/session cleanup on invalid token
• reduced duplication across screens/components

This would improve maintainability, scalability, and overall session reliability for the mobile app.

[Midoriya-w]

Hey @Harxhit I would like to work on this issue under GSSOC 2026.

Planned approach:

• create centralized authenticated request handling
• reduce duplicated auth request logic across screens
• add consistent unauthorized (401/403) handling
• ensure invalid sessions are cleaned properly

[Harxhit]

@Midoriya-w I have assigned this issue to you.

[Midoriya-w]

Hey @Harxhit Opened a PR with the fix added apps/mobile/src/utils/apiClient.ts as a centralized authenticated request handler that automatically injects auth tokens, handles 401/403 responses, and reduces duplicated auth logic across all mobile screens. PR: #338 Ready for review!