If you want to test your token, I recommend using a simple API call. Something like listing domains:
curl https://desec.io/api/v1/domains/ \
--header "Authorization: Token {secret}"
This will either return status code 200 (and the list of domains in your account) or status code 401. The latter means that the token is not valid.
However, I believe token validity is among the first things that the API checks for a request. Since you already got an “Invalid token” response somewhere else, you’ll get the same for this simple test unless something is very wrong.
This means you’ll have to create a new token and use that.
But this whole thread strikes me as a bit of an XY problem. You posted a curl command that does not work. But what do you actually want to achieve? Get the curl command right? Or set up some DNS records? In the latter case, you may want to look into Tools implementing deSEC for some community tools that provide a somewhat simplified abstraction layer for the API.
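An added example, not part of the original post: the same token check as a small shell script that feeds the Authorization header to curl on stdin, so the token stays out of the process list, and maps the 200/401 outcomes described above to exit codes. The DESEC_TOKEN and CURL variable names are assumptions of this example; `--header @-` needs curl 7.55.0 or later.

```shell
#!/bin/sh
# Added example: check a deSEC API token without putting it on curl's command line.
# DESEC_TOKEN and CURL are names assumed by this example, not taken from the post.

API_URL="https://desec.io/api/v1/domains/"

# Print the HTTP status code of an authenticated GET on the domain list.
# printf is a shell builtin and the header reaches curl via stdin (--header @-),
# so the token never shows up in any process's argument list.
desec_status() {
    token=$1
    printf 'Authorization: Token %s\n' "$token" |
        "${CURL:-curl}" --silent --output /dev/null \
            --write-out '%{http_code}' --max-time 15 \
            --header @- "$API_URL"
}

# Exit codes: 0 valid (200), 1 invalid (401), 2 malformed input, 3 inconclusive.
check_token() {
    token=$1
    case $token in
        ''|*[[:space:]]*|*[[:cntrl:]]*)
            # Whitespace or control characters could smuggle extra header lines.
            echo "refusing empty or malformed token" >&2
            return 2 ;;
    esac
    status=$(desec_status "$token") || status=000   # curl failed: no usable answer
    case $status in
        200) echo "valid";   return 0 ;;
        401) echo "invalid"; return 1 ;;
        *)   echo "inconclusive (HTTP $status)"; return 3 ;;
    esac
}

# Stand-alone use: the token is read from the environment, not from an argument.
if [ -n "${DESEC_TOKEN:-}" ]; then
    check_token "$DESEC_TOKEN"
fi
```

Any result other than 200 or 401 (network failure, server error) is reported as inconclusive, since it says nothing about the token itself.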