Amazon SP API - CreateDestination - "Access token is missing in the request header." Error although it is supposed to be a grantless operation

Question

I am trying to create destination for the SP API notification. I have already changed to permission policy my AWS queue to grant create messages and read message attributes permissions.

I am using STS credentials to sign the request in postman. This request is supposed to be a grantless operation, so ideally it shouldn't ask for access token. Please help me understand what could I possibly be doing wrong.

Request in Postman:

POST /notifications/v1/destinations HTTP/1.1
Host: sellingpartnerapi-eu.amazon.com
X-Amz-Content-Sha256: beaead3198f7da1e70d03ab969765e0821b24fc913697e929e726aeaebf0eba3
X-Amz-Security-Token: FwoGZXIvYXdzEHMaDI8z8g0xqn42DSi0ISKoAXEp97wFc6YYdaSZ9txcAswRRsRjZ32d++T4APe/rLIL1rDfq9A2c2KYuLsF8+9F/N7brZarJQymqFnQ57JcGugxK6Npg5o/UQjNhvnI0EUAIqTptb/bXLXnmz7I2K2lhGKgV7PEkqAQlX/iYGI5RoNN0wK1QE3IY3T1miyRLF40PGNHt16WQaZPTXsMfG6OvaFuMa/ijchvnQ+3KP9Hs62vVZoxeC0G3ii7rtyYBjItb1Ltu7wcpzAXRO6W/BZWWqNN28V2ZS+e0qiYryYtgdnv0Ov9KBDBJFWKplxu
X-Amz-Date: 20220906T100237Z
Authorization: AWS4-HMAC-SHA256 Credential=ASIA4RJ32PS7YHU6JTGP/20220906/eu-west-1/execute-api/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token, Signature=2c0c3727088ffa984f181c38c89afe305840cc0058cada48480c3103f5c544fa
Content-Type: application/json
Content-Length: 170

{
  "name": "SaralDestination",
  "resourceSpecification":
  {
    "sqs":
    {
      "arn": "arn:aws:sqs:eu-west-1:861803281599:SPNotificationQueue"
    }
  }
}

Response:

{
    "errors": [
        {
            "message": "Access to requested resource is denied.",
            "code": "Unauthorized",
            "details": "Access token is missing in the request header."
        }
    ]
}

Answer 1

Gotta do a post request to: https://api.amazon.com/auth/o2/token

And then include in the headers as x-amz-access-token the access_token (starting with Atza)