Hi all,
I have figured out the way - it is because the client ID and secret I used is the API I created from the API Management in the tenant.
But according to the another post - Using Workflow's HTTP Request Action to Work With IdentityNow APIs - #6 by colin_mckibben
We must use PAT to call the API. Once I changed to my PAT in the workflow and now the workflow can run without issue.
Thank you everyone for the kind assistance!