Thanks a lot for the input, @mcheek and @angelo_mekenkamp
However, Mark, your list seemed incredibly broad, so I wagered the documentation could be an issue rather than the API and did a very quick test.
GET /beta/accounts is on your list but does work for me with a token from an API Key. I would assume most GETs do not need a PAT (just an assumption! Could be wrong!), and on the other hand I can definitely see why Access request create, the 1st example you listed, would absolutely require a user context hence a PAT.
It seems a whole lot of clarification is needed from Sailpoint’s API documentation team, which Angelo apparently already pinged.