@BlackUnicorn , I checked the API documents it does not describe very clearly that they need the object id not application id when you create service principal user from public API.
You can find your application's object id from Azure Portal -> Azure Active Directory -> Enterprise applications -> your app
so created service principal user like [tenant id]-[object id], another requirement to ensure your application can access the IoT Central public API, you should ensure from Azure Portal -> Azure Active Directory -> App registrations -> your app -> API Permissions, had following permissions added.
After you added permission for Microsoft IoT Central, you should also click