We’re migrating a legacy reporting service to pull CXone interaction data. The goal is to use the client_credentials grant type since this is a server-to-server cess and no human is logging in. I’ve followed the NICE CXone OAuth documentation to the letter, but the token endpoint keeps rejecting the request.
Here’s the curl command I’m using to test:
curl -X POST https://api.cxone.com/as/token.oauth2 \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&client_id=MY_CLIENT_ID&client_secret=MY_CLIENT_SECRET"
The response is always a 400 Bad Request:
{
"error": "invalid_grant",
"error_description": "Bad request"
}
I’ve triple-checked the client_id and client_secret in the CXone Developer Console. They match exactly. I’ve also tried URL-encoding the client secret, just in case there were special characters, but that didn’t change anything. The endpoint seems correct based on the docs, but maybe I’m missing a header? I tried adding Authorization: Basic base64(client_id:client_secret) but that just made it worse with a 401.
Is there a specific scope I need to request in the body for client_credentials? The docs mention api scope for some endpoints, but for the token itself, it’s silent. I’ve also verified the client isn’t disabled in the console. This is blocking our nightly analytics job. Any ideas why the grant type is being rejected?