No. Using api.asApp() already provides authentication “under the hood” and trying to provide the Authorization header will only get overridden by that method. Apps should not collect API tokens from users. Doing so is both redundant and insecure.
What you call a separate backend, Atlassian refers to as “a remote”. You can find more about our plans to support separate backends via Forge Remote in:
As of writing today, there are a few milestones delivered from Forge Remote but I don’t think it answers your specific need yet.