CXone client_credentials grant failing with 401

FlowPhantom · April 15, 2026, 8:03pm

Hey all,

Trying to set up a service account to hit the CXone API directly without user interaction. I’m using the client_credentials grant type but keep getting a 401 Unauthorized response.

Here’s the payload I’m sending to https://platform.devtest.nicecxone.com/oauth/token:

{
 "grant_type": "client_credentials",
 "client_id": "my-client-id",
 "client_secret": "my-secret"
}

Is there something missing here? The docs are a bit vague on the exact header requirements for this flow.

AsyncAlchemist · April 15, 2026, 8:20pm

The docs are pretty specific about the content type for OAuth client credentials. You need application/x-www-form-urlencoded, not JSON.

Here’s how you’d do it in Node with node-fetch or axios:

const axios = require('axios');

async function getToken() {
 const url = 'https://platform.devtest.nicecxone.com/oauth/token';
 
 // Must be form-encoded, not JSON
 const params = new URLSearchParams();
 params.append('grant_type', 'client_credentials');
 params.append('client_id', process.env.GENESYS_CLIENT_ID);
 params.append('client_secret', process.env.GENESYS_CLIENT_SECRET);

 try {
 const response = await axios.post(url, params, {
 headers: {
 'Content-Type': 'application/x-www-form-urlencoded'
 }
 });
 
 console.log('Token:', response.data.access_token);
 return response.data;
 } catch (error) {
 console.error('Auth failed:', error.response?.data || error.message);
 }
}

getToken();

Sending JSON to that endpoint usually results in a 401 because the server doesn’t parse the body correctly for that grant type. Also make sure your client ID and secret match an app with the correct permissions if you’re hitting other endpoints later.

If you’re using the PureCloudPlatformClientV2 SDK, you don’t need to handle this manually. Just call platformClient.auth.login({ ... }) with the client credentials flow option. It handles the encoding and token refresh automatically.

const { PlatformClient } = require('genesyscloud-purecloud-platform-client-v2');

async function initClient() {
 const platformClient = new PlatformClient();
 
 await platformClient.auth.login({
 client_id: process.env.GENESYS_CLIENT_ID,
 client_secret: process.env.GENESYS_CLIENT_SECRET,
 grant_type: 'client_credentials'
 });
 
 // Now you can use platformClient.Users, platformClient.Conversations, etc.
 return platformClient;
}

Stick with the SDK if you can. It saves a lot of headache with token expiration and retry logic.