Debugging 401 Unauthorized after token refresh - clock skew between servers

We’re hitting a hard 401 Unauthorized on GET /api/v2/analytics/conversations/details/queries right after the POST /api/v2/oauth/token refresh cycle finishes. The reporting service lives on a Manila VM, yet the Genesys auth gateway won’t accept the fresh access_token inside the first sixty seconds. Checking the expires_in claim shows 3599, but the pipeline breaks anyway. I’ve inspected the JWT payload and the iat timestamp sits exactly 52 seconds ahead of our local date -u output. The refresh routine uses grant_type=client_credentials with static secrets. Running that identical Authorization: Bearer <token> header through Postman doesn’t throw errors. Our chrony daemon syncs to pool.ntp.org but the drift spikes during batch jobs. I tried patching the SDK client with a clock_skew tolerance override, but the Python wrapper doesn’t expose that flag. The analytics query body stays the same, only the header rotates. The platform keeps returning {"error":"unauthorized","error_description":"Token expired or invalid"} even though the exp claim sits nearly an hour out.
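A diagnostic for the skew described above, as an added example that is not part of the original post: it decodes the JWT payload without verifying the signature and compares `iat` and `exp` with the local clock and with the `Date` header of the token response. The function names, sample token and header value are constructed for illustration, and it assumes the token response carries a standard HTTP `Date` header.

```python
import base64
import json
from email.utils import parsedate_to_datetime


def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def skew_report(claims, local_now, date_header=None):
    """Compare token timestamps with the local clock and the server's Date header."""
    report = {
        "iat_ahead_of_local_s": claims["iat"] - local_now,
        "lifetime_s": claims["exp"] - claims["iat"],
        "remaining_by_local_clock_s": claims["exp"] - local_now,
    }
    if date_header:
        # Date header of the token response = the server's idea of "now".
        server_now = parsedate_to_datetime(date_header).timestamp()
        report["local_behind_server_s"] = server_now - local_now
    return report


def make_sample_token(iat, exp):
    """Constructed, unsigned token for the demo; not a real credential."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64({"iat": iat, "exp": exp}), "sig"])


if __name__ == "__main__":
    # Constructed values mirroring the post: iat 52 s ahead of local, lifetime 3599 s.
    local_now = 1_700_000_000
    token = make_sample_token(local_now + 52, local_now + 52 + 3599)
    date_hdr = "Tue, 14 Nov 2023 22:14:12 GMT"  # constructed
    for key, value in skew_report(decode_claims(token), local_now, date_hdr).items():
        print(f"{key}: {value}")
    # In real use, pass time.time() captured when the token response arrives.
```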