Usually we need an authentication method to use Asana API, either personal access token or OAuth.
However, for browser extensions, we can skip the authentication process because
you were already logged into Asana in your browser so you were able to authenticate to the API with credentials stored by your browser.
Please note that this applies only when the user is logged into Asana.
When I developed my own code, I referenced Asana’s official Chrome extension on GitHub too. It might look complicated because it uses jQuery.
I think the code around
const xhr = new XMLHttpRequest(); in background.js might be a simpler example of calling Asana API from an extension. It corresponds to api_bridge.js file in Asana’s repository.
I hope this helps, and please don’t hesitate to ask if you have further questions!
(Disclaimer: I’m an amateur programmer and my extension is really outdated. Updating it has been at the end of my to-do list for quite a long time.)
Thank you @Phil_Seeman for looping me in!