Access token for machine-to-machine API

Thanks for following up @tms!

It is not recommended that SPAs request management API tokens for reasons outlined here. The M2M approach essentially allows your backend to proxy requests on behalf of your SPA, keeping the client id and secret safe. This use case is outline here:

You should be able to utilize a single M2M app and authorize it for multiple APIs.