Hi @knluser, JWT apps have access to all users on the account. You can replace the {userID} value with the email of the user, or the userID of the user (which can be found in the List Users API).
If you are getting an Access Token expired response, are you using a JSON Web Token? Or OAuth? JWTs are meant to be generated uniquely on each request, unless you are strictly testing. If you are using the testing module on our documentation, you should not use an API Key and Secret, but rather use an OAuth app.