If you haven’t done so already you should read the reference documentation on how to setup a server-side web application to call into an API (aka resource server) while following the OIDC and OAuth2 protocols.
In addition, if your technologies are covered by the available quickstarts you should follow the code for the ones that apply to your case:
In conclusion, first you get the access token and then you call your API; if your API is rejecting the access token then you either did not request a suitable access token or the API is configured incorrectly. In either case, the amount of information provided is not enough to even try to guess the possible root cause.