In your API key registration, did you configured the domain (s) that you are making the Ajax request from? If you do not do this, our API will not negotiate permission with the CORS protection implemented by your client.
Generally, an API with CORS protection will compare the Origin: header sent by a JS client against an authorisation list. If a match is made, an Access-Control-Allow-Origin: matched-domain is sent back which authorises the client.
Log onto the developer hub and edit your API key to review and/or correct the details. If everything is as it should be, come back with more info and we’ll take a look.