I don't have an answer to your problem but i did have a similar experience. Last year I had upgraded my lab from 11.6 to 12.5, and I had an issue with the security protocols on my servers. My symptom was that I was unable to get the online licensing to validate. After several tries, TAC got on and they had to manually reset the certificates for almost every server in my system.
It seemed like the lab installation instructions I was using did not specify which servername to use and since I chose the wrong one, none of them would talk to each other.
In 12.5 all communications to UCCX are TLS enabled, and thus HTTPS protocol should be used to connect to UCCX(I believe ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; fixes that for you). Connections to HTTP port 8082 will automatically get redirected to 8445 through server-side redirects. Furthermore, the API is protected and thus needs an authorization header. The credentials that have to be used in the authorization header for getting the details of an agent would be the agent's own credentials, or the credentials of the supervisor of the team that the agent belongs to, or the administrator's credentials. It looks like the authorization header is missing or is containing invalid credentials as the server returns 401 - unauthorized. Please see https://developer.cisco.com/docs/finesse/#!user%e2%80%94get-user/userget-user for more details. I don't think ServicePointManager.Expect100Continue = true; is required here though.