Having some issues getting my configuration to work correctly when simulating high user concurrency for security audit compliance. The goal is to validate that OAuth token refresh endpoints can handle the expected throughput during peak hours without dropping connections. Environment is Genesys Cloud US1. Tool is JMeter 5.6. We are using a Thread Group with 500 users, ramp-up time 60 seconds, and a loop count of 10. The test hits the POST /api/v2/auth/token endpoint.
Initially, the requests succeed. However, after about 120 seconds, the response time spikes, and we start seeing failures. The error message returned is:
{ "status": 401, "statusText": "Unauthorized", "message": "Invalid refresh token. Token may have expired or been revoked." }
This is unexpected because the refresh tokens are generated dynamically before the test starts and should be valid. I suspect the issue might be related to how Genesys handles concurrent token revocation or session state during high load. Is there a specific rate limit for token refresh operations that I am missing? Or does the platform invalidate tokens prematurely under stress? I need to ensure our security compliance tests reflect real-world behavior accurately. Any insights on configuring JMeter to handle session persistence better in this scenario would be appreciated.