Hi Mark,
401 error code suggests the user isn't authorized to generated the token. I'd like to share with you this
knowledge base document. Please see the explanation of Api-Key. Generally, Api-Key is an easier mechanism to use than the security token. I would recommend you generate an api-key and see if that will resolve your issue.
Any user can generate an api-key. You shall go to https://rally1.rallydev.com/login , then click API KEYS (at the top), then click Create Api Key, then select between a full access or a read-only key. The api-key should be thought of as a password, you shall not share it. Using the api-key is by including a http header variable to your Rally API calls. That http header variable should be named: "ZSESSIONID" and its value needs to be your api-key.
Please let us know if that helped.
Thanks,
Sagi