Allowing frontend JavaScript POST requests to https://accounts.spotify.com/api/token endpoint

Solution 1:

You can find an example of using express to perform the authentication flow with Spotify on https://github.com/spotify/web-api-auth-examples (see the authorization_code approach).

You can't get an access token making a client-side request to /api/token. You need to make a request to /authorize, which will redirect to your redirect_uri, which itself will exchange a code with an access token.

Check that example, which should cover your needs.