We’re rolling out a BPO solution where a single Android app needs to connect to different Genesys Cloud organizations based on the agent’s login. Each org has multiple divisions, and we need the app to only see resources (like users or queues) within a specific division assigned to that agent.
I’ve created a confidential client in the Genesys Cloud admin, and I’m using the standard oauth/token endpoint to get an access token. The problem is that the token seems to have access to all divisions in the organization, or at least the API calls aren’t filtering by division as expected.
Here’s the Kotlin code I’m using to get the token:
val url = "https://api.mypurecloud.com/oauth/token"
val requestBody = FormBody.Builder()
.add("grant_type", "client_credentials")
.add("client_id", clientId)
.add("client_secret", clientSecret)
.build()
val request = Request.Builder()
.url(url)
.post(requestBody)
.build()
client.newCall(request).enqueue(object : Callback {
override fun onFailure(call: Call, e: IOException) {
// handle error
}
override fun onResponse(call: Call, response: Response) {
val body = response.body?.string()
val token = body?.let { JSONObject(it).getString("access_token") }
// Use token for API calls
}
})
After getting the token, I call GET /api/v2/users and I get back users from all divisions. I tried adding a divisionId header or query param, but it doesn’t seem to restrict the scope of the token itself. Is there a way to scope the OAuth client to specific divisions during the token request? Or do I need to filter the results client-side?
I’ve checked the division settings in the admin UI, but I don’t see an option to restrict a client to specific divisions. Any ideas?