Notice two things. First, that the Accept and Content-Type variables are both application_json, which is taken from your Global Variables whereas the Authorization field is taken from the statistically typed word "Bearer ", joined to the Access Token that we got back from our first HTTP request event in your action and event chain.