Track user email from an access Token

After one of our endpoints got an enumerated hits which caused this message:

Your tenant: "OUR_Endppoint" has crossed 90% of your plan limit for M2M tokens for this month.

After I caught the access token involved, I need your help now to extract the user email from it, to be honest, I followed some topics here in the same context, but I’m quite confused about how to reach that because some of them (these topics) talk about included the “user email” in the token configuration, so can someone please leads me through the common steps to track the user email from the access token please, thank you!