Also, it seems like I'm not the first to ask this questions:
This post may seem to suggest that maintaining session cookies is necessary (but is only required for uploading files via the API): Uploading attachment to a ticket via the API
I was having the same problem. I could get the sessionKey using curl or Postman, but when using jQuery.ajax() the sessionKey was rejected. When poking around in the headers, I found that the JSESSION cookie didn't match. That lead to discovering that the ajax call for the Session key needed to include:
in the call. This allows the returned cookies to be set.