The error you get is a browser security restriction based on CORS. The management API doesn’t return CORS-related headers in its response but you can workaround the issue by using a proxy API definition (in Tyk) with CORS enabled as mentioned in this post.
The other less secure alternative is to disable CORS on your browser since you are in development mode.