Usefulness: Returns useful data with location to download file from - note this doesn’t use the URL found in the Legacy Assets Asset delivery v1 page.
My user API key: Success
Other user API key: 409 User is not authorized to access Asset
It appears that users still require the legacy permissions to be able to access this API endpoint. However, adding these permissions to a personal key does not solve the issue. Adding these permissions to a group key is not currently possible.
The solution was to give the user full Admin rights via the legacy permissions section:
Under Collaboration → Roles → Legacy Rolls → Click the external link icon next to it
In the Legacy Roles page, choose the Members link on the left
Under the users card select Admin from the Role dropdown
This seems to grant the legacy:write permission, allowing the user access to the asset via the endpoint.
Obviously it’s not ideal to need to elevate the user to a full Admin, but until the API perms are updated to properly support Groups this workaround will do.