Could you please provide the GET request that was used to access your endpoint. Please ensure that you have correctly configured your policy and that your access token is in the authorization header of any requests sent.
This means you have set up a blacklist or a white list, and it is extremely strict, if you aren;t using any modification middleware or are just testing, then remove any items in the endpoint designer.