Our architecture is such that the frontend communicates with the core via your backend API domain. This is because session cookies are to be set against your API domain. To achieve this, you can run a node process that uses our NodeJS SDK, and have a reverse proxy (using Nginx) in your backend that routes all /auth/* requests to that node process.