According to the docs, the Token may be set on the Authorization header or as query param; but only the latter works.

I have used the same Authorization header in multiple POST and GET request as seen here without problems:
https://github.com/regorxxx/Playlist-Manager-SMP/blob/main/helpers/playlist_manager_listenbrainz.js

So the code is working and the token has been tested to be valid. Doing the same with validate-token request returns a 200 response, while the same token as query param returns a valid response.

Either the docs are wrong or something may have been missed in the API, but definitely Token does not work using headers.