Your authorization header should be like this to use the token:
Authorization: Bearer <token>
(note the Bearer scheme)
Or alternatively you can use it as the username of a Basic authorization scheme with an empty password, example:
Authorization: Basic <base64(token + ":")>
(most libraries and tools will help you with this)
Don’t activate Basic Auth in the API Security settings unless you really need to, if you use a token, even as a Basic Auth username, you don’t need this setting enabled.