For a long time source IP adress restrictions have not been enforced. This has changed recently. So if you create a new token (e.g. by Oauth2) and cannot access the API with the error message “401, Unauthorized token”, please check if you set the corrent IP addresses of your server in the app configuration tab in the application manager (atm.fidor.de).
We will introduce more and better error codes, and more and better debugging tools to make unexpected behaviour easier to understand.