In the Developer Tools pane when I add the web part to a page I get the following:
"Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."
Within my package-solution.json file I make a request to grant user_impersonation permissions, which I did. But as I'm typing I'm thinking that in the service tier for OData Services we use NavUserPassword Authentication, so is SharePoint trying to use my Office 365 login to access the data?
All of this has just been trial and error, so if anyone has done this before or has any pointers on something I could try next that would be great.