Building the AJAX call is where I hit the security wall - you can’t just add a straight up call like $.get(“amazon.api”, etc, etc) to pull in the back end data. That gets squashed under Same Origin Policy
The example uses Vue, which is unfamilar - i’m just starting out. I’ll stare at it some more 
I’m sure the answer is just something dumb I’ve overlooked.
So I try to copy from the javascript helper OnAuthorized example
window.Twitch.ext.onAuthorized(function(auth) {
$.ajax({
url: "https://xxx",
type: 'GET',
headers: {
'x-extension-jwt': auth.token,
}
});
});
I get the Same Order Policy message. Does this mean there is a Extension setting that I have left out?