The docs state: “POST /oauth/token with grant_type=client_credentials.” I’m refreshing our token service and it’s failing hard. We rotated the client secret in the developer portal yesterday. The old secret works for exactly 10 more minutes until it expires, but the new one is rejected immediately. Here’s the curl command I’m running from our Amsterdam staging box:
curl -X POST https://api.mypurecloud.com/oauth/token
-H “Content-Type: application/x-www-form-urlencoded”
-d “grant_type=client_credentials&client_id=my_app_id&client_secret=new_secret_value”
The response is a clean 401 Unauthorized. No JSON body, just the status code. I’ve verified the client_id is correct. I’ve checked that the app has the integration:all scope. The timestamp on my server is synced via NTP, so clock skew isn’t the issue. It feels like the secret hasn’t propagated to the token endpoint yet, or there’s a cache on the gateway. I’ve tried waiting an hour. No change.