I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!
Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll summarized your issue & repost your solution in case you'd like to "Accept " the answer.
- You created a Search Service that is accessed by a JS SPA via query API Key(s) and it worked fine, but you want to switch to a Managed Identity for security reasons.
- You created the User-assigned Managed Identity (for the SPA) and added the RBAC Search Index Data Reader role for it to the Azure Cognitive Search Service but looking to understand how to use it.
- You realized your mistake and utilized an API endpoint that has the Management Identity assigned to it to provide a token for your SPA app.
Thanks again for sharing what works for you.