How to send additional headers inside jquery ajax request for JSON

Question

I am trying to build an API for my existing web application in order to develop mobile Apps for the service. Goal is to provide JSON-Feeds for displaying content inside a cordova-app environment.

My .ajax call looks like this:

$.ajax({
    type: "POST",
    headers: {
        "Authorization" : '3d5cd0938b8db73d62e246e561c86f'
    },
    data: { 
        scat: false, 
        mcat: 8, 
        page: 1 
    },  
    dataType: 'json', 
    url: "http://snake2.test-api/services/rest/v1/category/",
        success: function(data) {
            alert('OK');
        },
        error: function() {
            alert('error');
        },
    beforeSend: setHeader
});

In theory the setup works, but I can not get the jquery ajax request done right. While "Advanced Rest Client" in Chrome deliveres the desired JSON-Feed, my AjAX request does not. By looking at the apache logs of the API-Server, it reveals that the headers look different from what they should look like.

In Google Advanced Rest Client:

Status
200 OK Show explanation Loading time: 578
Request headers 
CSP: active
Origin: chrome-extension://hgmloofddffdnphfgcellkdfbfbjeloo
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36
Authorization: 3d5cd0938b8db73d62e246e561c86f
Content-Type: application/x-www-form-urlencoded 
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,es;q=0.2
AlexaToolbar-ALX_NS_PH: AlexaToolbar/alxg-3.3
Response headers 
Date: Mon, 08 Jun 2015 19:38:09 GMT 
Server: Apache 
Cache-Control: max-age=604800 
Expires: Mon, 15 Jun 2015 19:38:09 GMT 
Vary: Accept-Encoding 
Content-Encoding: gzip 
Content-Length: 1264 
Keep-Alive: timeout=10, max=500
Connection: Keep-Alive
Content-Type: application/json 

My ajax request fired over the App, delivers following server logs for headers:

+28639:556f87c3:0|OPTIONS /v1/category/ HTTP/1.1|Host:snake2.test-api|Connection:keep-alive|Pragma:no-cache|Cache-Control:no-cache|Access-Control-Request-Method:POST|Origin:http%3a//127.0.0.1|User-Agent:Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X; en-us) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53|Access-Control-Request-Headers:accept, api_key, authorization, content-type|Accept:/|Referer:http%3a//127.0.0.1/~merlin/test_apps/www/index_search.html|Accept-Encoding:gzip, deflate, sdch|Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,es;q=0.2|AlexaToolbar-ALX_NS_PH:AlexaToolbar/alxg-3.3 -28639:556f87c3:0

Clearly the authorisation token is missing inside headers and somehow the word "Options" apears.

This is also what I get from console error on chrome:

OPTIONS http://snake2.test-api/v1/category/ 404 (Not Found)
m.ajaxTransport.send @ jquery.js:4
m.extend.ajax @ jquery.js:4
(anonymous function) @ index_search.html:26
m.Callbacks.j @ jquery.js:2
m.Callbacks.k.fireWith @ jquery.js:2
m.extend.ready @ jquery.js:2J @ jquery.js:2

index_search.html:1 XMLHttpRequest cannot load http://snake2.test-api/v1/category/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1' is therefore not allowed access. The response had HTTP status code 404.

I am aware of the cross/browser security issue which triggers the message oncerning origin. However, this should not be the case inside cordova and is not. The issue here is, that somehow the authorisation key sent inside headers does not work and my syntax converts it into "OPTIONS".