The user identifier should be included in the access token itself as for custom API (API’s you defined in your own dashboard) the access token issued will be a JWT so after validating the JWT you can trust the information contained within and the sub claim should point to the user identifier within the Auth0 service (assuming the access token was obtained through an end-user based flow).
For the second point, that value you’re passing as the access token does not seem correct from the perspective it does not seem to be a JWT and from your previous message if were having an audience related error then this would suggest the use of JWT.