You’ll need to make this call behind a backend/server, as you cannot make Webflow Data API calls from a Designer Extension, where when used by end users, the code will be exposed (and thus, the access token in your Authorization header). If you want to serve your backend on localhost for development, you can use a tool like ngrok for tunneling through a https-based URL.
If you’re building a Designer Extension Webflow App and want to make Data API calls, I recommend converting it to a Hybrid App (which has both a Designer Extension/Data Client) which will allow you to make Data API calls but in a more secure manner. Check out this hybrid app example project which shows a sample workflow of how this setup works.