Hi @James G Foster ,
I have checked the REST call with .NET code and it works fine with the above scope and with "x-ms-version" as "2018-12-31".
Also, please make sure that you are providing RBAC permissions as mentioned over here
I have assigned "Cosmos DB Built-in Data Contributor" role for my testing and it worked as expected.
Result-
Also, here is how my token payload looks like -
I having internal discussion with the products team as it looks like the version mentioned in the documentation is incorrect. Please let me know if you have any questions.
Thanks
Saurabh