Hey @quinten.de.clerck thanks for following up.
Your client side application is most likely what users will interact with and engage with universal login - During the login flow you’ll use the API identifier of the API you registered in Auth0 as the audience param. Once your client has a user’s access token, this is what will be used against and validated by your API.