After much trial and error I figured out what was going on. My custom domain that was configured through AWS CloudFront did not have the Authorization header whitelisted. So when the request passed through our custom domain the header was being stripped off.
1 Like