Look in your web browser's console. (On chrome this is the developer console found under the options section, or by pressing f12). You'll notice a message about a orgin-acess-control header. Unfortunately codepen does not include one of these, so your API calls are being rejected by the API. The most common workaround here is to simply forward it through a proxy. Add "https://cors-anywhere.herokuapp.com/" to the front of your API call url and this should fix the issue.
This is a known issue, and in the beta version of FCC this challenge has been made OPTIONS near the end of the course.