This suggests you have used implicit auth?
Did you get a code or a token in the URL?
If it’;s a token in the # section of the URL you are on implicit auth and can use that in the header as suggested.
If it’s a code you need to perform the next step of the oAuth dance and exchange your code for a token
Step 3 On your server, get an access token by making this request: