Cross-site ajax requests require an appropriate CORS header (more discussion): Code: Access-Control-Allow-Origin: * (Requested only because my preferred editor for manipulating JSON APIs is my browser console, and I'm too lazy to twiddle the cross-site security options every time I load up the page... >_>) This would also be necessary to enable any kind of in-browser tool that would utilize the API.