The 401 means the OAuth token doesn’t have the correct scope assigned (in this case, user_read scope). When you open the /user endpoint in the browser, it’s likely using the cookie of the logged in user.
1 Like