Problem
I’m building a Python script to pull adherence and service level data for our WFM reports. It’s a server-side app that runs on a schedule, no human interaction involved. I need to figure out which OAuth grant type to use.
Current Setup
I started with Authorization Code because that’s what the docs show first. But it requires a refresh token rotation every 30 days or so. For a background job, that feels like overkill.
Code Attempt
Here’s how I’m currently fetching the token using requests:
import requests

# Token endpoint and client credentials payload as used in this attempt
auth_url = "https://api.mypurecloud.com/oauth/token"
payload = {
    "grant_type": "client_credentials",
    "client_id": "my_client_id",
    "client_secret": "my_secret"
}

# Send the token request and print the status code and JSON body
response = requests.post(auth_url, data=payload)
print(response.status_code)
print(response.json())
When I run this, I get a 403 Forbidden. The error message says "error": "invalid_grant". I checked the client credentials in the Developer Console, and they look correct.
Question
Is Client Credentials even allowed for this? The docs mention it’s for “backend services”. I assumed that fit. If it’s blocked, should I stick with Authorization Code and just handle the refresh logic in the script? Or is there a better way for a headless WFM reporting tool?
I want to avoid manual intervention if possible. The script needs to run every hour without me logging in to refresh anything.
Any ideas why the 403 is happening? Or am I just using the wrong grant type entirely?
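For reference, an added example (not part of the original post and not the vendor's own code) of how a headless job can request and cache a client credentials token: the credentials go in an HTTP Basic header as RFC 6749 allows, and the token is renewed shortly before `expires_in` runs out. The names `build_token_request`, `TokenCache` and `http_fetcher` are hypothetical, the token URL is supplied by the caller, and it is an assumption that the provider accepts Basic client authentication.

```python
import base64
import time


def build_token_request(token_url, client_id, client_secret):
    """Return (url, headers, form) for an RFC 6749 client credentials request."""
    # Client authentication via HTTP Basic (RFC 6749, section 2.3.1).
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return token_url, headers, {"grant_type": "client_credentials"}


class TokenCache:
    """Holds one access token and fetches a new one shortly before expiry."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch = fetch        # callable returning the token response as a dict
        self._skew = skew          # seconds of safety margin before expiry
        self._clock = clock        # injectable so expiry can be tested offline
        self._token = None
        self._expires_at = 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            body = self._fetch()
            if "access_token" not in body:
                # Report only the OAuth error code, never the request or secret.
                raise RuntimeError(f"token request failed: {body.get('error', 'unknown')}")
            self._token = body["access_token"]
            self._expires_at = self._clock() + float(body.get("expires_in", 0))
        return self._token


def http_fetcher(token_url, client_id, client_secret):
    """Build a fetch callable that performs the real POST with requests."""
    import requests  # imported here so the cache logic runs without the network

    url, headers, form = build_token_request(token_url, client_id, client_secret)

    def fetch():
        return requests.post(url, headers=headers, data=form, timeout=10).json()

    return fetch
```

In a scheduled job, pass the client ID and secret to `http_fetcher` from environment variables or a secret store rather than from literals in the script.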