Adding on ... it appears as if it is using anonymous authentication, despite setting the authentication header to use basic with my service account's user/password. If I change the user to something unknown, it behaves the same way, instead of sending back a generic http "Unauthorized" message.
Can you share the response from this endpoint on your PI Web API instance? Also, what version of PI Web API are you using?
I turned off anonymous authentication, as I saw in the documentation that this overrides the other methods. I'm still running into the same issue though. I know that the basic authentication service account is being used, because if I change the credentials, I get a 401 Unauthorized message on the parent batch request.
Here is the configuration response:
"CorsOrigins": "", // REDACTED //
The authentication should only be needed with the initial POST of the batch request. I would take a look at the permissions of that specific element to confirm that you do in fact have permissions on it as they may deviate from what is recorded at the higher levels. Also what does the /piwebapi/system/userinfo report as the authenticated user? Does this match with what you think you are authenticating as? What is your version of PI Web API?
This issue was finally traced back to configuration of the local service account that was set up to authenticate with the Web API. Once this was resolved, the batch request worked as expected.
Thanks to Vince for helping to troubleshoot!