I think I can see the problem here provided that your issue is the 403 Forbidden errors.
The current CarrierService on your shop was created by your other private app that you have. Since the CarrierService would be scoped to the API client that created it, the app you're currently trying to use to make requests doesn't actually have the access to do so.
If you can use the credentials from your second app to try this, you should have much more luck.
Hope this helps!
Thanks Josh -
This helps immensely. This kind of response/error needs to be documented on the https://help.shopify.com/api/reference/carrierservice page.
The "forbidden" error needs to be more descriptive. "the Api Key ## does not own this resource"
Really, ANY kind of error that can be obtained from a call needs to be documented.
I'd really love to see a https://swagger.io/ documentation for the API.
Great to see no progress on this in nearly four years.
For any eyes that stumble across this incredibly useful post, there is also an undocumented limitation where the response to making a GET request for a carrier service will not include the "callback_url" unless you use an access token from the app that created it. You will get all the other fields though.