Note though that usually the end user would not call that management API himself, but that would be a call from your backend to the Management API, where your backend would fetch the access token for it via Client Credentials Grant (M2M / Machine to Machine).
An SPA (Single Page Application) has no way to store the client credentials securely to execute such a client credentials grant.