JSONP does not allow for setting headers, as that makes the browser generate a <script> tag, which doesn’t support that.
When not using JSONP, so for regular XHR/Ajax, browsers are far more secure than, e.g., some script or Postman. Specifically, by default an XHR request will not send the Authorization header when fetching data from a different domain. In your browser’s Network traffic you’ll see that it has been stripped out.
To fix that, you’d need to tell the browser to use withCredentials, which jQuery supports. However, that would require an OPTIONS request, and I don’t think TTN supports that. (It yields a 404 Not Found in my tests.)
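Where the OPTIONS request comes from, as an added example that is not part of the original post: a simplified version of the Fetch standard's check for whether a cross-origin request is sent directly or preceded by a preflight. The function names and the sample requests are hypothetical, and the header value is a placeholder.

```javascript
// Added example: simplified "does this cross-origin request need a preflight?"
// check. Assumption: it ignores the value-length/byte limits, the Range
// header and upload listeners that the full Fetch standard also considers.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

// Returns the list of reasons the browser would send OPTIONS first.
function preflightReasons(method, headers = {}) {
  const reasons = [];
  if (!SAFE_METHODS.has(method.toUpperCase())) {
    reasons.push(`method ${method.toUpperCase()}`);
  }
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (SAFE_HEADERS.has(lower)) continue;
    if (lower === "content-type") {
      // Only the three form-style media types are safelisted.
      const mime = String(value).split(";")[0].trim().toLowerCase();
      if (SAFE_CONTENT_TYPES.has(mime)) continue;
    }
    reasons.push(`header ${lower}`);
  }
  return reasons;
}

function needsPreflight(method, headers) {
  return preflightReasons(method, headers).length > 0;
}

// Constructed sample requests.
const samples = [
  ["GET", { Accept: "application/json" }],
  ["GET", { Accept: "application/json", Authorization: "EXAMPLE-PLACEHOLDER" }],
  ["POST", { "Content-Type": "application/json" }],
];
for (const [method, headers] of samples) {
  const reasons = preflightReasons(method, headers);
  console.log(method, Object.keys(headers).join(","), "->",
    reasons.length ? `OPTIONS preflight (${reasons.join("; ")})` : "no preflight");
}
```

If the server does not answer the OPTIONS request with the matching `Access-Control-Allow-*` headers, the browser never sends the actual request.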