Unable to update cloudflare split tunnels using python and api token

Question

I am trying to update my split tunnels configuration through some python code as below

import requests
from os import getenv

cloudflare = requests.Session()

cloudflare.headers.update({"Authorization": f"Bearer {getenv('CF_TOKEN')}"})

cloudflare_endpoint = "https://api.cloudflare.com/client/v4/accounts/my-account-id"

current_config = cloudflare.get(f"{cloudflare_endpoint}/devices/policies").json()

payload = [
    {"host": "foo.com"},
    {"host": "bar.com"},
    {"address": "11.22.22.22/32"}
]

for k in current_config['result']:
    try:
        if k['name'] == 'a-named-non-default-profile':
            print(k['policy_id'])
            result = cloudflare.post(f"{cloudflare_endpoint}/devices/policies/{k['policy_id']}", json={"exclude": payload}).json()
            print(result)
    except KeyError:
        print('key error')

I am getting back

{'success': False, 'errors': [{'code': 10000, 'message': 'POST method not allowed for the api_token authentication scheme'}]}

Same result if I use patch or put.

What am I missing?

Could it be a token permissions restrictions and the error is misleading?