Sounds like something is overriding the login query parameter and reqbin is not sending the request you think it is.
Since if the token is invalid you’d get a 401.
And just checking you did generate a user or app access token, and you are not using your ClientSecret as a token? (Which shouldn’t generate a 400 here but a 401 with clientID mistmatch, but worth checking)