Woocommerce和WSO2 Intregration身份验证

We are using a Woocommerce Webhook to send a JSON request to a client who is using WSO2, but if they switch on authentication I get 401 error.

I have tried setting the consumer key and secret with wp_remote_post() and used the username and password and add it in the header for the request. These are more less the same thing but this is what I tried:

token = array( 'key' => 'MY_KEY','secret' => 'MY_SECRET',  'username' => 'MY_USERNAME', 'password' =>  'MY_PASSWORD',   'default'); 
$response = wp_remote_post('URL', array(
    'headers' => array(
        'username' => 'MY_USERNAME',
        'password' => 'MY_PASWORD',
        'Authorization' => 'basic ' . $token,
        'key' => 'CONSUMER KEY',
        'secret' => 'SECRET',  
        'username' => 'USERNAME', 
        'password' =>  'PASSWORD',   
        'www-authenticate' => array( 'key' => 'CONSUMER KEY','secret' => 'CONSUMER KEY',  'username' => 'USERNAME', 'password' =>  'PASSWORD',   'default'),));

$basicauth = 'Basic ' . base64_encode( 'USERNAME' . ':' . 'PASSWORD' );

$headers = array( 
        'Authorization' => $basicauth,
        'Content-type' => 'application/json',
        'Content-length' => $contentlen
        );

$pload = array(
    'method' => 'POST',
    'timeout' => 30,
    'redirection' => 5,
    'httpversion' => '1.0',
    'blocking' => true,
    'headers' => $headers,
    'body' => $bdy,
    'cookies' => array()
    );

$response = wp_remote_post('URL', $pload);

This is the response I receive:

        [Response] => Array
            (
                [Code] => 401
                [Message] => Unauthorized
                [Headers] => Requests_Utility_CaseInsensitiveDictionary Object
                    (
                        [data:protected] => Array
                            (
                                [date] => Tue, 23 Oct 2018 06:43:03 GMT
                                [server] => server
                                [accept] => */*
                                [access-control-allow-origin] => *
                                [access-control-allow-methods] => POST
                                [www-authenticate] => OAuth2 realm="WSO2 API Manager", error="invalid token", error_description="The access token expired"
                                [x-wc-webhook-source] => https://site . com/
                                [referer] => URL
                                [x-forwarded-host] => host
                                [x-forwarded-proto] => https
                                [x-wc-webhook-topic] => order.created
                                [x-wc-webhook-signature] => SIGNATURE
                                [accept-encoding] => deflate, gzip
                                [x-wc-webhook-event] => created
                                [access-control-allow-headers] => authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction
                                [x-wc-webhook-delivery-id] => ID
                                [expect] => 100-continue
                                [x-wc-webhook-id] => 1
                                [x-forwarded-for] => Array
                                    (
                                        [0] => test
                                        [1] => test
                                    )

                                [x-wc-webhook-resource] => order
                                [x-forwarded-server] => server
                                [content-type] => application/xml; charset=UTF-8
                            )

                    )