We will be sunsetting the option to authenticate API requests with the `access_token` query parameter this year. Instead, API requests should be authenticated via the `Authorization: Bearer` header.
To help our developers plan for and test against this update, we will be deploying this change to Sandbox on January 12, 2022 during our scheduled maintenance window (starting 3:00 PM PST). After this time, any requests still using the `access_token` query parameter for authentication will return a 401 Unauthorized response.
We will sunset the `access_token` query parameter for Production environments February 28, 2022. Please test your apps in Sandbox to ensure they are unaffected by this change before then.
For more information about sunsetting a query parameter, refer to Change is Coming: API Authentication.