Spent the last hour staring at a 401 Unauthorized response from https://platform.cybersoft.com/api/v2/authorization/oauth/token. I need to set up a backend service that pulls queue stats without user context, so client_credentials is the only play here. My app is registered in the CXone Developer Portal with the correct scopes (analytics:read, :read), and the client ID and secret match what’s in the UI.
Here’s the raw curl I’m running to test before I wire it into Python:
curl -X POST "https://platform.cybersoft.com/api/v2/authorization/oauth/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&client_id=MY_APP_ID&client_secret=MY_SECRET"
The response is immediate and brutal:
{
"error": "invalid_client",
"error_description": "Client authentication failed"
}
I’ve regenerated the secret twice. Copied it directly from the portal to avoid whitespace issues. Checked the environment variable in my local .env file. It’s not a typo. The endpoint works fine for password grants when I pass a username and password, which tells me the network path is open and the app is active. But the machine-to-machine flow is dead.
Is there a specific permission on the app configuration that blocks client_credentials even if the scopes look right? Or is the token endpoint different for EU instances? The docs are vague on regional differences for OAuth endpoints. I’m on the EU-1 platform. Any idea why the client auth is failing?