So here's what I figured out with the help of support yesterday.  There are 2 ways to get a token.  Through the web page or using oauth2. Both can work but oauth2 is more robust. Depending on which method you use you have to use a different header for your calls.

If you use the first method (auth):

request.AddHeader("Authorization", "Zoho-authtoken " + authtoken);

If you use the second method that also returns a refresh token:

request.AddHeader("Authorization", "Zoho-oauthtoken " + oauthtoken);

The ONLY DIFFERENCE is authtoken or oauthtoken.