I’m building a backend service in Python to pull historical queue metrics. It runs on a cron schedule, no user interaction. The docs show two main grant types for getting that access token. Client Credentials feels like the right fit since it’s machine-to-machine, but the Authorization Code flow keeps popping up in examples for ‘secure’ integrations.
I tried Client Credentials first. Here’s the curl command I used to test:
curl -X POST 'https://api.mypurecloud.com/oauth/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&client_id=MY_CLIENT_ID&client_secret=MY_SECRET&scope=analytics:report:read'
The response came back with a 200 OK and a token. I used that token to hit the /api/v2/analytics/queues/realtime endpoint. It worked fine for a bit. Then I noticed the token expires in 3600 seconds. I added logic to refresh it, but I’m hitting a wall when the token actually expires. The refresh token isn’t included in the Client Credentials response, obviously. So I have to re-issue the whole client credentials request. That feels heavy for a simple script that runs every 15 minutes.
I read that Authorization Code gives you a refresh token, which is nicer for long-running services. But how do I kick off the Authorization Code flow without a user clicking a button? I don’t have a frontend. I’m just running a script on a Linux box in Sydney.
Is there a way to automate the Auth Code grant for a server-side app? Or am I stuck polling with Client Credentials every time the token drops? The SDK examples are all over the place, some use implicit grants which are deprecated, others assume a browser context. I just want the cleanest way to keep the token alive without managing a refresh loop manually. Any code examples for a headless Python setup would be great.