Hitting a wall with a simple auth flow. The goal is to grab an OAuth token via client_credentials inside a CXone Studio script using the REST Proxy action. No user context, just app-to-app.
The code works perfectly in Postman. I send a POST to /api/v2/oauth/token with Content-Type: application/x-www-form-urlencoded and the body grant_type=client_credentials&client_id=MY_ID&client_secret=MY_SECRET. It returns a 200 OK with the access_token.
Now I’m trying to replicate this in Studio. I set up the REST Proxy action. Method is POST. URL is correct. Header for Content-Type is set. The body field is populated dynamically from script variables.
The response comes back as a 401 Unauthorized. The error payload is standard:
{
"code": "unauthorized",
"message": "Invalid client credentials",
"status": 401
}
I’ve verified the client ID and secret are stored securely in Studio Secrets and are being pulled correctly into the script variables. I logged the outgoing request body in the debug view. It looks identical to what works in Postman.
Is there something weird with how the REST Proxy handles x-www-form-urlencoded bodies? Or maybe an encoding issue with the secret key containing special characters? I tried URL-encoding the secret manually in the script before passing it to the action, but that didn’t change anything.
Here’s the snippet for the body assignment:
ASSIGN body = "grant_type=client_credentials&client_id=" + client_id + "&client_secret=" + client_secret
Nothing jumps out. The string looks clean. Tried swapping to JSON body format just to test, but the endpoint rejected it outright with a 415 Unsupported Media Type, which is expected.
Anyone else wrestled with this? Feels like a basic config oversight but I’m staring at it too long.