There is a special case to allow calls to the API from JavaScript: if your code is located on Wild Apricot site pages (for example, on some page in your_organization.wildapricot.org), then the API calls can be made with the permissions of the currently logged in user. However, your JavaScript code should provide the clientId in a separate HTTP header.
In this case, you don’t need an authentication token, since authentication is based on website session cookie.
Example:
$.ajax({ url: "/sys/api/v2/accounts/58293/contacts/me", type: "GET", dataType: "json", cache: false, async: true, headers: { "clientId": "APPLICATION_CLIENT_ID" }, success: function (data, textStatus, jqXhr) { alert("Current contact email:" + data.Email);}, error: function (jqXHR, textStatus, errorThrown) { alert(textStatus + " (" + jqXHR.status + ") : " + errorThrown);} });