Trying to hit the CXone GetRESTProxy endpoint from an external OTel collector using client_credentials. The token request to https://api.nice-engage.com/oauth/token succeeds, but the subsequent API call returns 401.
POST /oauth/token
grant_type=client_credentials
scope=rest_proxy
The token seems valid, but the CXone API rejects it. Is rest_proxy the correct scope for this flow?
The docs for rest_proxy are a bit vague on the exact scope string. I’ve seen this 401 error before when using client_credentials. The issue usually isn’t the scope name itself, but how it’s formatted or combined.
Try adding api to the scope string. Just rest_proxy often gets rejected by the gateway for external calls. Your POST body should look like this:
POST /oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
scope=api rest_proxy
Also, double-check that the client ID you’re using has the rest_proxy permission explicitly granted in the CXone admin console under Applications. If it’s not toggled on there, the token will generate but fail validation. I spent two days debugging a similar issue last week only to find a missing permission flag in the app config. Check that first.
The suggestion above is spot on. You’ll need api in that scope string, or the gateway drops it immediately. Here’s the working curl for the token request:
curl -X POST https://api.nice-engage.com/oauth/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&scope=rest_proxy+api&client_id=YOUR_ID&client_secret=YOUR_SECRET"