1 .How do I append the token received from the the auth url to my api requests?
2. Where is this token stored after auth is succeeded? How do I fetch it and append to other api calls.
If you configure tokenAuth for your route, Grafana will manage the tokens in the background for you. If you need custom authentication, you need to implement it yourself in a backend plugin.
Not that I know of. Probably since only administrators are allowed to configure data sources. For example, if the query editor could update the secure JSON data, they could potentially reconfigure the credentials of the data source from the dashboard.