That’s exactly how it does work. The users endpoint does NOT require a user access token. You only need a user access token (with appropriate scope) if you want to view their email. If you don’t want to view their email you just use an App Access token and you get back all the data other than their email address.
1 Like