Confusion about SPA + Management API and Custom API

Hi Guys,

I have a react SPA with Auth0 working just fine and I can make calls to my custom API.

I want to access the own user’s metadata from my SPA, this is where I am stuck.
(I understand that the SPA has limited access to management API features due to security reasons.)

Since I need to be logged in with my custom API for all my business related API calls, how can I access my user’s metadata.

I am able to login to the Auth0 Management API and get the metadata but than of course I cannot call my custom API.

So how would one solve this issue?

So far I wasn’t able to grant my custom API access to the management API.

Or is my understanding correct, that as soon as I am using a custom API all management API related operations must be redirected to my backend and from there to the management API?

Confused… as the title says…

Thanks for the Help