API calls return Forbidden

My system was working last month, but I have updated it as per instructions to point to the new authentication APIs.  I am able to get a token back, with the correct scopes (contact_data).  However whenever I try to to make a call to "https://api.cc.email/contacts" I get a Forbidden error message.  Looking at the documentation, I noticed that this might mean the application is deactivated, so I create a new application to use.  This new app, with new client ID and client Secret is still returning forbidden.

If I test things via the developer example pages,  I am getting correct results.

Any thoughts?