We’re building a backend service to pull queue performance data every hour. It’s just reading stats, no user interaction involved. I’ve been using the Authorization Code flow with a refresh token stored in our DB, but the tokens keep expiring faster than expected and I’m getting 401s in the logs. Is it even worth maintaining that OAuth dance for a headless reporter? I tried switching to Client Credentials to simplify things, but the docs are vague on whether that grant type has the same scope permissions for analytics endpoints.
Here’s what I’m seeing with the client credentials flow:
    POST /oauth/token
    {
      "grant_type": "client_credentials",
      "scope": "analytics:read"
    }
It returns a token fine, but when I hit /api/v2/analytics/queues/summary, I get a 403 Forbidden. The Authorization Code flow works, but it’s a pain to manage the refresh lifecycle in our Node app. Should I just stick to Auth Code and fix my refresh logic, or is there a specific scope I’m missing for Client Credentials? The admin UI shows the app has the right permissions, so it’s confusing why the token fails.
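
An added example, not part of the original post: a token wrapper for an hourly headless job that treats the 401 and 403 described above as different failures. It assumes the API follows the usual convention (401 means the token was rejected, 403 means it was accepted but not authorized); `createReporter`, `requestToken` and `callApi` are hypothetical names, with the two callbacks standing in for the real HTTP calls.

```javascript
// Added example, not from the original post. requestToken and callApi are
// hypothetical injected functions that wrap the real HTTP calls.
function createReporter({ requestToken, callApi, now = Date.now, skewMs = 30000 }) {
  let cached = null; // { accessToken, expiresAt }

  // Reuse the cached token until shortly before its stated expiry.
  async function getToken(force = false) {
    if (!force && cached && now() < cached.expiresAt - skewMs) {
      return cached.accessToken;
    }
    const res = await requestToken(); // assumed shape: { access_token, expires_in }
    cached = { accessToken: res.access_token, expiresAt: now() + res.expires_in * 1000 };
    return cached.accessToken;
  }

  async function fetchReport(path) {
    let res = await callApi(path, await getToken());
    if (res.status === 401) {
      // Token rejected (expired or revoked): get a new one and retry once.
      res = await callApi(path, await getToken(true));
    }
    if (res.status === 403) {
      // Token was accepted but is not authorized for this resource.
      // Requesting another token cannot fix this, so do not retry.
      const err = new Error(`403 from ${path}: token accepted but not authorized`);
      err.code = 'FORBIDDEN';
      throw err;
    }
    if (res.status !== 200) {
      const err = new Error(`unexpected status ${res.status} from ${path}`);
      err.code = 'HTTP_ERROR';
      throw err;
    }
    return res.body;
  }

  return { getToken, fetchReport };
}
```

Logging the `FORBIDDEN` case separately from token renewals keeps a permissions problem from being mistaken for an expiry problem in the 401 noise.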