Is there a reason why you want to call the API from Javascript? It’s generally not a good idea to expose sensitive credentials on the client.
This is related to the security settings of the browser. The browser disallows non-same-origin AJAX requests. It is only possible to make an AJAX call to another domain, if that domain has special CORS settings enabled to allow it. This is not something we provide on our API and recommend instead to make your calls from the server side.