Hello @LiyangWan-8349
Based on the error, it appears that the token you are trying to use is not issued for the correct audience, which should be https://graph.microsoft.com in this case. Please try using the https://graph.microsoft.com/.default value for the scope parameter in your token request body, and try making the get message call again with the new token.
Also, the application permissions are applicable if you are using the client_credentials flow to get a token. If you are using any other flow to get the token, you would need to add Mail.Read and Mail.ReadBasic.All permissions as delegated permissions.
If you still face any issues, please share the screenshot of Postman with the token request call and the body parameters (hiding the confidential information).
Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.
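
The two checks described in the answer above (token audience, and application versus delegated mail permissions) can be run locally against your own token before retrying the call. This is an added example, not part of the original answer; the function names are hypothetical, the sample tokens are constructed, and it assumes application permissions appear in the `roles` claim, delegated permissions in the space-separated `scp` claim, and that either permission named in the answer is enough. It decodes the payload for troubleshooting only and does not verify the signature.

```python
import base64
import json

GRAPH_AUDIENCE = "https://graph.microsoft.com"          # audience named in the answer
MAIL_PERMISSIONS = {"Mail.Read", "Mail.ReadBasic.All"}  # permissions named in the answer


def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims):
    """Build an unsigned, constructed JWT-shaped string for the demo below."""
    return ".".join([_b64url({"alg": "none", "typ": "JWT"}), _b64url(claims), "constructed-signature"])


def decode_claims(token):
    """Decode the payload segment only. No signature check: diagnostics, not validation."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))


def diagnose(token):
    """Return a list of problems that would explain a failed get-message call."""
    claims = decode_claims(token)
    problems = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud != GRAPH_AUDIENCE:
        problems.append(f"wrong audience {aud!r}; request scope {GRAPH_AUDIENCE}/.default")
    roles = set(claims.get("roles", []))         # application permissions (client_credentials)
    scopes = set(claims.get("scp", "").split())  # delegated permissions (other flows)
    granted, kind = (roles, "application") if roles else (scopes, "delegated")
    if not granted & MAIL_PERMISSIONS:
        problems.append(f"no {kind} mail permission; expected one of {sorted(MAIL_PERMISSIONS)}")
    return problems


if __name__ == "__main__":
    # Constructed samples: one token issued for another resource, one correct delegated token.
    bad = make_sample_token({"aud": "api://example-app", "roles": ["Mail.Read"]})
    good = make_sample_token({"aud": "https://graph.microsoft.com", "scp": "Mail.Read User.Read"})
    print(diagnose(bad))
    print(diagnose(good))
```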