Your wording is confusing
- If you use an “app access token”, this doesn’t represent a user, so there is no permissions to read an email from
- If you use a “user access token”, it does represent a user, and thus has permissions (if requested) to read the email address on the users API
You should use the “user access token” you obtained from the user in your server side code.
An “app access token”, is for use when a users token isn’t needed or cannot be obtained, and won’t grant access to privileged data (generally speaking). And a users email is priviledge.
This API
Requires a “user access token” with scope "user:read:email: applied to read the email, and where the id/login specified in the request, matches that of the user token you specify
Basically you should always be using a users access token, (even server side) if you want to read a users email address from the GetUsers API
And you’ve misunderstood the purpose of App Access Tokens