You did generate a user token with the relevant scopes and not used an app access/client creds token?
The error suggests you used a App Access Token
rather than
You can check the token type by calling the validate endpoint
Which’ll return the userID and any scopes on that token (if any)
An initial user oAuth token will require opening a webpage to grant link permission between the user and the ClientID