Running into a wall with the NICE CXone API again. I’m building a custom dashboard that pulls queue stats via the DFO API, and I can’t get past the auth layer.
I’ve generated an OAuth2 token using the client credentials flow. The token request succeeds, and I can see the scopes in the response. Here’s the relevant part of the token payload:
{
"scope": "routing:queue:view routing:queue:member:view api:read",
"expires_in": 1800
}
According to the docs, routing:queue:view should be sufficient for a GET request on /api/v2/routing/queues. It is. But when I hit the endpoint, I get a 403 Forbidden.
Here’s the curl command I’m using:
curl -X GET "https://api.nicecxone.com/api/v2/routing/queues?pageSize=25&page=1" \
-H "Authorization: Bearer <TOKEN>" \
-H "Accept: application/json"
The response body is just:
{
"code": "forbidden",
"message": "You do not have permission to perform this action."
}
I’ve checked the user associated with the client ID in the admin portal. The user has the “Routing Administrator” role. I’ve even tried adding routing:queue:edit to the scope request, thinking maybe the view scope is broken, but it still fails with 403. The token is fresh, not expired. The endpoint is correct. I can successfully call /api/v2/users/me with the same token, so the auth header is definitely reaching the server.
Is there a hidden scope requirement for queue data? Or is this a known issue with the DFO API endpoints specifically? I’ve searched the community for similar 403s on queue endpoints but most results point to division IDs, which I’m not passing because I want all queues.
Any ideas what’s blocking this?