It’s possible that the issue with the POST requests returning a 401 unauthorized error is related to the way you are sending the authentication token in your requests. Here are a few things to check:
Make sure that you are including the authentication token in the Authorization header of your POST requests. You should include the word “Bearer” followed by a space, then the token itself. For example:
Authorization: Bearer <access_token>
Check that the token you are using is valid and has the necessary scopes to access the protected routes. You can use a tool like jwt.io to decode the token and inspect its contents.
Ordinarily you should be able to obtain an Access Token for a (custom) API by specifying an audience parameter on either a call to the Auth0 `/authorize’ endpoint, or when using one of the Auth0 SDKs; see here for further details.
The Access Token should be passed to the API as previously indicated, and the API should then validate both the audience and the scope for the operation requested