Hey everyone,
I am running a load test for our custom agent desktop integration to validate the OAuth 2.0 token retrieval flow under high concurrency. We are using JMeter 5.6.2 with the HTTP Request sampler pointing to the Genesys Cloud Platform API endpoint /api/v2/oauth/token. The goal is to simulate 500 concurrent agents logging in simultaneously to check the rate limiting behavior.
The issue is that after about 50 requests, I start receiving 403 Forbidden errors with the message "error": "invalid_grant", "error_description": "Bad request". This happens even though the client ID and secret are correct and the grant type is client_credentials. When I run the same script with only 10 concurrent users, it works perfectly fine with 200 OK responses.
I checked the network logs and see that the request headers include the required Content-Type: application/x-www-form-urlencoded. I am also passing the scope parameter correctly as urn:genesys:cloud:platform. I suspect this might be related to API rate limits or some security throttle on the authentication endpoint, but I cannot find specific documentation on the token endpoint’s burst capacity.
Has anyone encountered similar issues during OAuth load testing? Is there a specific header or parameter I need to include to bypass this throttle, or is this a hard limit on the free/developer tier? I am working in the Singapore region.
Any help would be appreciated!
Thanks,
Sil