I'm trying to use the SourceHut API for Mailing lists[1] to change the
status of a patchset from "proposed" to "applied".

I'm doing the following call with curl:

$ echo '{"status":"approved"}' | curl -X PUT \
    -H Authorization:"token <REDACTED>" \
    -H Content-Type:application/json \
    -d @- \
    https://lists.alpinelinux.org/api/user/~alpine/lists/aports/patchsets/3300

And i get the following response:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>401 Unauthorized</title>
<h1>Unauthorized</h1>
<p>The server could not verify that you are authorized to access the
URL requested.  You either supplied the wrong credentials (e.g. a bad
password), or your browser doesn't understand how to supply the
credentials required.</p>
* Connection #0 to host lists.alpinelinux.org left intact

I can confirm the personal token can be used to perform a GET on the
same API:

$ curl \
  -H Authorization:"token <REDACTED>" \
  https://lists.alpinelinux.org/api/user/~alpine/lists/aports/patchsets/3300

the response is a json blob:

{"id": 3300, "created": "2020-03-10T21:01:01+00:00", "updated":
"2020-03-10T21:01:01+00:00", "subject": "Add hotfix for running `hg
archive` with gzip files on python 3.8.2+", "prefix": null, "version":
1, "status": "proposed"}

[1] https://man.sr.ht/lists.sr.ht/api.md