What are you passing in your Authorization header?
If you’re calling a kraken (v5) endpoint, it should to be “OAuth dfva8mebnd****8ss2l42wpm”
If you’re calling a helix (“new”) endpoint, you need “Bearer dfva8mebnd****8ss2l42wpm”
If that doesn’t help, which endpoint are you calling? Is it one which requires a particular scope? (you haven’t specified any)