Hello - I am by no means a power developer, and for a variety of reasons, I am unable to utilize Python or REST JS (application is hosted on a machine provided by a SaaS low-code provider), so am trying to implement a Feature applyEdits REST API call to an ArcGIS Online hosted feature layer. I obtain a token via an application ID/key:
https://www.arcgis.com/sharing/oauth2/token?client_id=xxxxxxxxx&client_secret=xxxxxxx&grant_type=cli...
This returns a token, which I am able to successfully use for Feature Query API calls just fine. But when I try to make a Feature Layer change, using the endpoint:
https://services1.arcgis.com/xxxx/arcgis/rest/services/xxxxx/FeatureServer/0/applyEdits
and the following POST headers:
POST https://services1.arcgis.com/xxxx/arcgis/rest/services/FeatureServer/0/applyEdits HTTP 1.1
Host: services1.arcgis.com
Accept: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer (retrieved token)
I get a response of "Token Required"
If I change to web-tiered authorization in the header:
Host: services1.arcgis.com
Accept: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
X-ESRI-Authorization: Bearer (retrieved token)
It appears to accept the token, but returns a result of the html page of the Rest Service directory for the applyEdits URL:

I am unsure how to debug this, but have tried issuing the POST from POSTMAN as well as an online validation site, with the same results.