You must include an Authorization header with a valid Bearer token