Docs state: “The access token returned from the /oauth/token endpoint has a default lifetime of 3600 seconds.” I’m trying to set up a long-lived token for our Jenkins CI/CD pipeline to deploy CX as Code configurations. The pipeline runs every 15 minutes, so I don’t want to handle token refresh logic in every build step. It’s messy.
I tried using the client_credentials grant with a dedicated service account. The initial request works fine:
curl -X POST "https://api.mypurecloud.com/oauth/token" \
-H "authorization: Basic <base64_id_secret>" \
-H "content-type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials"
But the token expires in an hour. The docs mention refresh tokens are only available for authorization_code and pkce grants. Using client_credentials in a headless CI environment makes auth code flow impossible. There’s no user context.
Is there a way to extend the token lifetime or get a refresh token for client credentials? Or am I supposed to rotate the client secret every hour? That seems fragile. We’ve seen 401 errors when the pipeline runs late in the hour.
Any code examples for handling this without storing secrets in the pipeline environment variables directly? Preferably using the Python SDK.
Docs say: “Access tokens are short-lived to enhance security.” But it doesn’t explain the CI/CD use case.
Stuck on this.