Not sure if this matters any longer to @aprvm @kostasoft, but for anyone finding this thread in the future, major issue with this sample code seems to be the calculation of expirationTime. Maximum time allowed for tokens (I recall seeing some different values in the documentation) is 20 minutes (1200 sec). So your increment of 1999 is too large and causes the token to be rejected. When I tried using an increment of 900 (15 minutes), everything worked (using my app details) with the change in headers below. I also used different headers - const callHeaders = {"Authorization": "Bearer " + token, "Content-type": "application/json"}. Your "Accept" header containing "application/a-gzip" did not work for me (406 error). Removing that value and using either "Accept" or "Content-type" key in the header worked with "application/json" as the value.