@Cedric
Thank you for your post!
Based off the documentation, it looks like you'll need to use the OAuth2 implicit Flow
with the user_impersonation
scope in order to use the REST API. I was able to test out another REST API - Get Secret where that specific API's security section wasn't present in the documentation, and was able to run it without issues.
Can you try using Postman's Authorization flow to see if this helps resolve your issue?
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.