Problem description

Audit Logs API - Forbidden When Using PAT Authentication

I've done the standard login and gotten a JWT to use, but calling the auditlogs API returns an unhelpful:

{"message":"forbidden","errinfo":{}}

I've tried all different permission levels for PATs but none seem to give me a token that is accepted. We cannot use username and password authentication due to enforcement of SSO. Am I missing something obvious to make this work?