Hi @sreenu539
It's not recommended to store the client ID/secret on the client side because it can be easily exploited and extracted from dev tools.
My suggestion would be a two-step approach where you have a BE call a servlet that can in turn fetch you the OAuth token using the ID and secret stored in the BE. This token can be stored on the client side based on the expiration time and can be used to make the Apigee request.
On the Apigee side you can configure a rate limit to ensure you are not getting too many requests, and also restrict the endpoint usage to a certain domain, probably your website, to make sure invalid requests are blocked.
Hope it helps
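
A sketch of the backend servlet described in the reply above, added here as an illustration and not code from the original post. It exchanges the credentials held on the server for a token and hands the browser only the token and its lifetime. Assumptions: the `javax.servlet` API, hypothetical environment variable names, and a token endpoint that accepts HTTP Basic authentication with a form-encoded `grant_type=client_credentials`.

```java
import java.io.IOException;
import java.net.URI;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.*;
import javax.servlet.http.*;

// Hypothetical servlet: the browser calls this endpoint instead of holding the
// client ID/secret itself. Class name and env variable names are assumptions.
public class ApiTokenServlet extends HttpServlet {
    // Credentials are read from server-side configuration and never sent to the client.
    private static final String TOKEN_URL = System.getenv("APIGEE_TOKEN_URL");
    private static final String CLIENT_ID = System.getenv("APIGEE_CLIENT_ID");
    private static final String CLIENT_SECRET = System.getenv("APIGEE_CLIENT_SECRET");
    private static final Pattern TOKEN = Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"");
    private static final Pattern EXPIRES = Pattern.compile("\"expires_in\"\\s*:\\s*\"?(\\d+)\"?");
    private final HttpClient http = HttpClient.newHttpClient();

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String basic = Base64.getEncoder().encodeToString(
                (CLIENT_ID + ":" + CLIENT_SECRET).getBytes(StandardCharsets.UTF_8));
        HttpRequest tokenReq = HttpRequest.newBuilder(URI.create(TOKEN_URL))
                .header("Authorization", "Basic " + basic)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString("grant_type=client_credentials"))
                .build();
        String body = "";
        try {
            HttpResponse<String> r = http.send(tokenReq, HttpResponse.BodyHandlers.ofString());
            if (r.statusCode() == 200) body = r.body();
        } catch (InterruptedException ex) {
            Thread.currentThread().interrupt();
        }
        Matcher token = TOKEN.matcher(body);
        Matcher expires = EXPIRES.matcher(body);
        if (!token.find() || !expires.find()) {
            resp.sendError(HttpServletResponse.SC_BAD_GATEWAY); // no upstream detail is echoed
            return;
        }
        resp.setContentType("application/json");
        resp.setHeader("Cache-Control", "no-store"); // keep the token out of HTTP caches
        resp.getWriter().write("{\"access_token\":\"" + token.group(1)
                + "\",\"expires_in\":" + expires.group(1) + "}");
    }
}
```

The response is rebuilt from the two extracted fields rather than passed through, so any other fields the token endpoint returns stay on the server.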