Ah, I see now, the problem is that you haven’t configured CORS support for your API. See how here:
Basically visit your api detail page and enter the domain you are making these calls from (e.g.
Basically because this is a front end call, the request is being made from some client somewhere. This request is going to be rejected (for security reasons) unless you specifically approve requests from clients on that domain. For local testing, the domain you’ll probably want is
If you don’t want to use CORS or cannot for some reason, then alternatively you can use JSONP to get around the security issue. Here’s an article from the AngularJS docs on how to do use JSONP:
With JSONP you don’t need a CORS domain, it should work as is.