Thanks to @Shibiko and @ThisIsADogHello I currently have a simple vueJS web app making requests against the remote API using Axios. Unfortunately, there are still a few things that are stopping me from making it work properly. I'll document those here and then propose my solutions (and what I am doing as an alternative) below. Problems: 1) It is against the XmlHttpRequest spec to provide a Date in the header, therefore none of the js http libraries that I've tried will allow me to send `Date:`. As Date is required for the server to decode the Authorization header, the request will fail. 2) the server does not respond with a CORS Access-Control-Allow-Origin, so the request isn't allowed to happen from the browser when the site origin is anything else other than the dedicated server's hostname/IP and port number. Proposed Solutions: 1) accept headers of both Date: and authDate: (or something similar) for the incoming date in the http requests so that web browser based clients can provide authDate: with the date and time to decode Authorization. 2) Add the CORS header to all http responses from the Remote API. This appears to be 5 lines of code according to enable-cors, but I do not know the details of of the Microsoft-HTTPAPI implementation inside of dedicated server * Example .NET code and details here: https://enable-cors.org/server_aspnet.html In the mean time, I am working on a local proxy that will both serve up my web app and proxy the API requests. My local proxy will: * convert my authDate to the expected Date header to send along to the dedicated server. * Since I will be doing a proxy request for the webapp code and relaying all requests to the real API through the same hostname + port, I'll be able to skip the requirement for CORS Though I'm confident I'll get that working, the two proposed solutions above will make it considerably easier for existing web developers to talk to the Remote API service.