Seeing the Headers and Payload would probably be helpful here to confirm the specific API being used (Header) and the specific value(s) sent (Payload).
I’m assuming the API is “/access-profiles” but unsure if it’s using V3 or Beta as well as if it’s doing a “Put” or “Patch”. Seeing the actual payload will likely shed some light on potential invalid characters or missing ID value.