@daniel.j, adding scope make it accessible for custom routes with read-only Api Token but it returns a 403 error when using a Authenticated user token ( authenticated user role has permission for that custom route ).
Were you able to find some solution for this.
P.S can share some resource regarding route scopes I tried to find something but there is no material available.
Thanks