Telerivet doesn't provide a way to call the REST API directly from JavaScript (and discourages calling the REST API directly from smartphone or desktop apps) because that would require your API key to be embedded in your HTML source code or client application. In this case, any user of your application would be able to inspect your source code or binary to gain control of your Telerivet account.
Instead, we recommend that you make your JavaScript code or desktop/smartphone app call a URL on your own server, and then your server can make the necessary calls to the Telerivet API. You can implement the URL on your server using a language like PHP, Python, or Ruby, and use one of Telerivet's REST API client libraries.
This approach will let you keep your API key secure on your server, and make sure that the client can only make the API requests that you allow.
For receiving messages, the Webhook API can only post messages to a URL, so it isn't able to post directly to a browser, desktop, or smartphone app. Similarly, we recommend setting up a script on your server to handle Webhook API requests, and then forward those messages to your app clients via an appropriate "push" technology like WebSockets, Google Cloud Messaging, or Apple Push Notification Service.