It doesn’t appear you’re using authentication correctly – both v1 (now deprecated and retiring in June) and v1.1 require user-based authentication for this method. It looks like you’re just tacking on the access token you have as a randomly named “access_token” parameter when you need to sign your request using OAuth 1.0A.
