You were right, I forgot to actually set the access token, which is why it was complaining.
I have decided to go a slightly different route as I don’t want to retrieve an access token for every user currently, but I now know what was going wrong and how I can do it this way.
However, the last stumbling block I possibly see is:
{"grant_type":"authorization_code","client_id":"","client_secret":"","redirect_uri":"","code":"","scope":"channel:read:subscriptions moderator:read:followers"}
{"access_token":"","expires_in":15196,"refresh_token":"","scope":["user:read:email"],"token_type":"bearer"}
I have removed the sensitive information, but as you can see, I requested the additional scopes, but the access token that was returned states that it only has the user:read:email scope? Does that sound right, or is something still going wrong there?