Authorization header must container "Bearer" and the token