While the preferred way for passing the token is with a Bearer header like Elatar said, you can also just add your token to the end of the href URL like you did in your first request for testing purposes.
Also, you might consider using a community created library like https://github.com/benweier/blizzard.js for handling requests. The one I pasted here was last updated 2 months ago so I assume it is up to date with the newest changes.