You do have some examples:
The problem I am having is that when you put all the pieces together, and you use any external tool, they ask you for the headers, the body, the URL and such.
They do not ask you for the whole payload.
On XML, we made that work (so we know the headers and auth are working), and the app and everything.
On XML; we ignore the headers of the request and put everything into the body, and that works.
I just tried the same with JSON, not sure why I did not try it before, and it works too.
Adding the whole thing into the body and not using the proper headers or the request works.
To me this is a poor implementation, headers are not real headers of the request but something you called headers on your body, you may call them “tokens” and it will work the same. Calling them headers makes everything more confusing and difficult to use.
At least I know understand and we can work with it but you should create a 2.0 and fix those things.