Using Fetch with Authorization Header and CORS

The key name should be headers, not header.

fetch(URL, {
  credentials: 'include',
  headers: {
    'Authorization': 'Bearer TOKEN'
  }
})

Read the documentation

Keys can be passed either via query parameter or HTTP header. Guildwars API servers do not support preflighted CORS requests, so if your application is running in the user's browser you'll need to use the query parameter.

To pass via query parameter, include "?access_token=" in your request.