Why a server? The Tesla APIs are only intended for the official Tesla App, therefore there are deliberate limitations that prevent the ease of use for third party solutions. One of those limitations is that CORS prevents any other domain than tesla.com to access the API directly from a browser. Calling the API from a node.js server works fine.
Is it safe? Yes. But don't just trust my word, verify!