I've tried this now. It doesn't work for me.
I get the following response:
HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/8.5
WWW-Authenticate: Bearer realm="
http://v1.mycompanydomain/V1-Production", scope="query-api-1.0"
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
VersionOne: Ultimate/14.0.1.6629;
Scrum..Access-Control-Allow-Origin: *
Is this because our admins have got stuff in front of VersionOne? (in this case IIS) or is this something else?