You can run into various issues by trying to access a resource that does not belong to you or by using the wrong scopes when requesting an access token. See Setting the scope for the access token or Token does not have the privilege for this request
As mentioned in the Forge Authentication Basics, Forge is using JWT tokens. This means that the token itself contains some useful info that can help you check if your code is using the right client_id and providing the correct scopes for the request.
A JWT token contains 3 base64 encoded sections, so you could decode each separately. However, the easiest is to copy paste the access token you received into the JWT website:
