It's possible. Are you submitting the identity request and rest request to the same host, e.g. aaa-999-aaa.mktorest.com? If the hosts are different you'd see what you're describing
If you create a new custom service and use those credentials, do you have the same issue? Beyond that, I'd suggest you open a support case and include examples calls/responses where you've observed this.
Hmm.. something is really wrong here. Have you tried to enter your get request into browser address bar and see how it goes? Also I'd try passing token as http auth header. It's not a solution, of course, as you won't fix the problem but it could lead you to understanding what's going on.
On the other end, I'd double check there isn't a typo in the URL or the way the paramaters are included,
Creating a new API-Only User and a new LaunchPoint Service fixed the issue. I suspect that when the setup was done the first time, the user wasn't made an api-only user.