We are using a service account to perform this action. Since this particular API requires a PAT tied to a user (as opposed to application credentials), we have to use a service account with an identity. Inevitably, you will find there are situations where service accounts with identities will have accounts in some systems, which will result in this issue coming up.
I feel like I’ve said it many times, but the requirement of user context PATs to perform API actions as opposed to application tokens causes issues in many areas, and it’s something that should be addressed. See a similar post below
I have also mentioned how much of a pain it is to generate and manage PATs for service account identities