The ACCESS_EMAIL_ADDRESSES
scope on Connect requires your app key to be whitelisted. Details on how to request whitelisting for your app are available here.
You’ve noted that your intention was to get all user spaces and their content and that you’ve previously used API tokens. Have you explored utilising one of our app frameworks for this instead? For example, if you utilise Forge and receive an offline Forge Remote token, the associated app account should have access to this content.