Assuming you are using a browser and not an app:

1. Do it through a custom backend or adapt the CORS headers in order for the browser.
2. You main problem will be securing the authentication tokens/credentials, specially for the later approach.
3. You could use https://github.com/Ride-The-Lightning/RTL as inspiration.