I have a problem in calling a service in apiman-gateway with the Authorization: Bearer <token> in the header. 

It seems to preflight OPTIONS and return  
  1. X-Policy-Failure-Message:
    OAuth2 'Authorization' header or 'access_token' query parameter must be provided.
I am sending the bearer token with the request and i make sure in the preflight its sent in the request.

  1. Access-Control-Request-Headers:
    accept, authorization
Does anyone know if there Is something i'm missing ?  do i need to get authorization enabled or added anywhere ? as a side note i have below in my api as well:

response.setHeader("Access-Control-Allow-Headers", "Authorization");