Your first request caused a 404 error message, which typically means that the server could not find any resource at the specific URL path, so most probably the API was not designed to accept requests to the "/" path.
However i believe your 2nd approach is actually the intended one, in which case the first thing to try would be decoding the token using a library such as jwt.io and verify if it is still a valid one by checking the exp claim.
Otherwise if a call was made with an Access Token that embeds all the necessary scopes, given the 401 Unauthorized Error I would recommend checking this Knowledge Article on - Access Token Rejected when Calling Auth0 APIs.
Sorry for the late reply as well, but answering this since it might help others as well.
Thanks,
Remus