Can't access to WAF IP Access Rules using API Token

I’m trying to use an API token to create, list, update and delete IP Access Rules in a WAF Section for one zone. However after creating the token and given these permissions

I’m unable to even list the content of the WAF rules. With the error :

{"success":false,"errors":[{"code":10000,"message":"Authentication error"}]}

I find that the doc is lacking which permissions are needed for a token to access the WAF ressources.
Here below is the scope that I’m aiming to update “IP Access Rules”{zoneid}/{zone}/security/waf/tools

All the topics that I saw are using the legacy method with the email and the global api key which I want to avoid.

I would really appreciate the help and explanations on which permissions are needed to be able to list and edit the rules.

Can you share your code of how you are making the API call? You also need the zone permission and not account level.