You’d be correct! Corrected, code still isn’t working though…
'Authorization': 'Bearer {$token}'
I’ve opted not to grab the renew token per this documentation:
However, you should build your applications in such a way that they are resilient to token authentication failures. In other words, an application capable of refreshing tokens should not need to know how long a token will live. Rather, it should be prepared to deal with the token becoming invalid at any time.