Why does this setting persist across my Python script even after I explicitly rotate the credentials? I am pulling historical interaction data via /api/v2/analytics/reporting/query with a custom OData filter. The script initializes a client, fetches the initial page, then loops through $skipToken values to grab the remaining batches. Each request passes the bearer token in the Authorization header. The first two batches return 200 OK and populate the DataFrame. On the third pagination call, the pipeline throws a 401 Unauthorized response. I have confirmed the token expiration payload returns expires_in: 3600. My refresh routine checks the timestamp, calls /oauth2/token with grant_type=refresh_token, and updates the session header before the next request. The logic looks sound. I verify the new token works by hitting /api/v2/users/me immediately after rotation. Yet the batch loop still fails exactly when the original token window closes. I suspect the underlying HTTP client is caching the initial bearer string instead of reading the updated variable. I am using requests.Session() and setting headers via session.headers.update({‘Authorization’: f’Bearer {new_token}'}) before each API call. The OData query string remains identical. The failure consistently occurs at the boundary of the initial grant lifespan. I have disabled connection pooling, forced a new TCP handshake, and logged the exact header payload sent to the gateway. Every log entry shows the rotated token, but the CXone edge returns 401. I need to isolate whether the refresh grant is actually invalidating the active session or if the reporting gateway ignores mid-stream token swaps for long-running OData streams.
Why does this setting cause the reporting gateway to reject the rotated credential despite successful validation on the identity endpoint?