Using curl the SCOM rest api returns "Index was outside the bounds of the array"

I am trying to retrieve SCOM alerts using their REST API via curl. It keeps returning:

"errorMessage": "Index was outside the bounds of the array.",
"errorTrace": "   at Microsoft.EnterpriseManagement.OMDataService.Filters.ValidateAntiForgeryTokenAttribute.OnActionExecuting(HttpActionContext actionContext)\r\n   at System.Web.Http.Filters.ActionFilterAttribute.OnActionExecutingAsync(HttpActionContext actionContext, CancellationToken cancellationToken)\r\n...

First, I took my:

AuthenticationMode:<domain>\<username>:<password>

string and converted it to UTF8 and then used openssl to base64 encode that. I took that "token" and used it in my /OperationsManager/authenticate call like so:

curl --location --request POST 'https://myhostname/OperationsManager/authenticate' \
--header 'Content-Type: application/json; charset=utf-8' \
--data-raw '"<my_base64_encoded_token>"'

This returns me a "SCOMSessionId" and "SCOM-CSRF-TOKEN". I then take the "SCOM-CSRF-TOKEN" and make the following call to /OperationsManager/data/alert:

curl --location --request POST 'https://myhostname/OperationsManager/data/alert' \
--header 'Content-Type: application/json; charset=utf-8' \
--header 'SCOM-CSRF-TOKEN:<csrf_token_value_here>' \
--data-raw '{
    "criteria":"(ResolutionState = '\''0'\'')",
    "displayColumns": [
        "severity","monitoringobjectdisplayname","name","age","repeatcount"
    ]
}'

What could I be doing wrong? All the documentation I find is centered around powershell.