I didn’t try this yet but you are on the right track here. If the REST API is not documented, most likely it doesn’t support the [OAuth 2.0 scopes] and that’s why the app is failing with a 401.
But then it’s strange that is happens also for the Search content by CQL API.
When this happens, I usually try an uninstall and reinstall the app. Maybe something unexpected happened during the installation and the scopes haven’t been set as expected.
In this case though, I think the issue is that this v1 API has been retired at the end of last month: Update to Confluence v1 API Deprecation Timeline - #31 by PeterObara
Here are 2 additional observations from me:
- v1 vs v2: yes please, try to use the v2 as soon as possible. Most of the v1 APIs have been retired now
- scopes: you want to use the “Classic RECOMMENDED” scopes when writing Forge apps
Hope this helps! I’ve also reported this to our content design team so 
there will be an update to the doc soon too.
Cheers,
Caterina