I’m trying to set up a background service to pull some reporting data via the CXone API. Since it’s a server-to-server call, I’m using the client_credentials grant type. I have the client ID and secret from the developer portal, and I’m making the POST request to https://api.nice-incontact.com/oauth2/token.
Here is the raw cURL I’m testing with:
curl -X POST https://api.nice-incontact.com/oauth2/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&client_id=my_client_id&client_secret=my_secret"
I keep getting a 401 Unauthorized response with this JSON payload:
{
"error": "invalid_client",
"error_description": "Bad client credentials"
}
I’ve double-checked the credentials by copying them directly from the portal. I also tried URL-encoding the secret just in case, but that didn’t change anything. Is there a specific permission or scope I need to enable on the client app in CXone for this grant type to work? The documentation isn’t super clear on whether client_credentials requires a separate approval step compared to authorization_code.
I’ve also tried adding scope=api to the body, but the error remains the same. Any ideas what I’m missing?