The ID token returned in the request should have the user information necessary for your SPA. This topic adds some detail if you’re interested in learning more.
You can use a single API to serve all of your applications.
Can you give an example of the resources you’re securing with this claim. I am going to ask our field team for their input.