The Simkl API supports Cross-Origin Resource Sharing (CORS) on the api.simkl.com domain — you can call it directly from a browser using fetch or XMLHttpRequest.
Don’t ship client_secret in browser code. If you need authenticated calls from a browser, use the PIN flow (no secret) or proxy calls through your own server.