Notably I have tried: "Bearer " + token, "Bearer: " + token and just token in the header.

Hi Ed, I'm not sure where difference is between, the code I included in my question and the sample code you provided as a response. Here is an updated version of my code which still doesn't work but is designed as close as possible to the code you provided as possible. const jwt = require('jsonwebtoken') const fs = require('fs') const authKey = fs.readFileSync("../../Desktop/AuthKey_26DYPK65ZK.p8") const teamID = "7F3PBYWYMS" const mapsServerKeyID = "26DYPK65ZK" const header = { alg: "ES256", typ: "JWT", kid: mapsServerKeyID, } // Example payload data const payload = { "iss": teamID, "iat": Date.now(), "exp": Date.now() + (60 * 60 * 24 * 7), // 7 days, }; let token = jwt.sign(payload, authKey, {header: header}); export async function getRestaurants() { const response = await fetch('https://maps-api.apple.com/v1/token', { method: 'GET', headers: { 'Authorization': "Bearer: " + token }, }); console.log(response) } can you please take a look and help me understand what I am doing incorrectly?

Response {   status: 401,   statusText: 'Unauthorized',   headers: Headers {     server: 'Apple',     date: 'Fri, 04 Oct 2024 21:25:27 GMT',     'content-type': 'application/json;charset=utf8',     'content-length': '71',     connection: 'keep-alive',     'cache-control': 'max-age=0',     'x-rid': 'f2e9c40e-67a5-4b2c-b8af-586af6a27f72',     'content-encoding': 'gzip',     'x-envoy-upstream-service-time': '26',     'strict-transport-security': 'max-age=31536000; includeSubdomains',     'x-content-type-options': 'nosniff',     'x-xss-protection': '1; mode=block'   },   body: ReadableStream { locked: false, state: 'readable', supportsBYOB: true },   bodyUsed: false,   ok: false,   redirected: false,   type: 'basic',   url: 'https://maps-api.apple.com/v1/token' }