Assuming that the header was set correctly in Frontend, which looks correct
And your copy nad pasted the secret correcty.
and having checked token contains what it’s supposed to contain on the backedn
I don’t see any obviously wrong here.
So it looks like inbound requests to your python didn’t extract the token correctly?
Does token in python contain what it’s supposed to contain?
And debug your outbound request to check it’s what you expect