Thanks for digging in to this!
That makes sense for the enterprise requests here.
In the case I described above I know that the org only has two members, so I feel like something else might be going on. What would allow one users token to get both members, but not the other users token? Both members are admins.
Thanks again!