I’m trying to run the following endpoint:
POST /ex/jira/{cloudId}/jsm/assets/workspace/{workspaceId}/v1/object/aql
The call works perfectly when authenticated with my personal user account.
But when using a service/technical account, the exact same request fails (401: insufficient_scope):
{
  "code": 401,
  "message": "Unauthorized; scope does not match"
}
To rule out permission issues, I already ensured that the service account has:
- All JSM project permissions, including Create issue, Edit issue, Browse project, Service Desk Agent, etc.
- Full Assets access on the workspace/schema (viewer + admin roles tested).
- The OAuth scopes required for Assets, including:
  - read:cmdb-object:jira
  - read:cmdb-config:jira
Despite this, the AQL call still fails, while it succeeds for a normal user.
So my question is:
👉 Has anyone actually managed to make an AQL API call work with a service account on JSM Cloud?
If yes, could you share:
- Which authentication method you used (API token, OAuth 3LO, Forge, Connect app, etc.)
- Which scopes or permissions were required beyond read:cmdb
- Whether a service account needs additional, undocumented permissions
- Any limitations you’ve encountered with the new Assets API when using non-human accounts
Any working example (curl/Postman + config) would be extremely helpful.
Thanks a lot!
PS: I can create issues through the API and read issues, but still can't perform AQL.