Exporting all Architect flows to JSON with CX as Code CLI keeps failing

Trying to dump every Architect flow from our environment into a git repo for version control. Coming from Five9 where the export was basically a single button click, so I figured the CX as Code CLI would handle it the same way. The docs mention nicedcv export, but I keep hitting walls. I’ve already verified the credentials work fine against the raw API. Running a quick curl to /api/v2/architect/flows with a bearer token generated from the same client ID and secret pulls back the full list without any hiccups. The CLI just refuses to play nice.

Here is what I have tried so far:

  • Set the environment variables directly in the terminal before running the command. Got a 401 unauthorized error immediately.
  • Added the --include-all flag to force a complete pull. Command ran without throwing an error, but the output folder only contained three flows instead of the forty-two we actually have. Checked the JSON structure of one exported file and it looked complete.
  • Tried piping the output to a file with nicedcv export --type architect > flows.json. The CLI just printed a bunch of debug logs to stdout instead of writing the file.
  • Created a fresh .nicedcv config file in the project root with the exact same credentials. Still hitting the same 401.

The CLI just doesn’t seem to respect the environment variables I set. Is there a specific flag I am missing to force a full export, or do I need to generate a new token specifically for the CLI tool? The documentation jumps straight to importing without explaining the export auth handshake. Here is the exact command line I am running:

export NICECXONE_CLIENT_ID="my-client-id"
export NICECXONE_CLIENT_SECRET="my-client-secret"
export NICECXONE_ENVIRONMENT="myenv.nicecxone.com"
nicedcv export --type architect --format json --output ./architect-backup

Output just says Error: 401 Unauthorized. Check your credentials. even though I can curl that exact endpoint with a token generated from those same creds five seconds later. Pretty sure I’m missing something obvious here. The OAuth2 client credentials grant should work the same way across all tools. Not sure if the CLI expects a different scope or if I need to pass the token as a command line argument instead of relying on env vars. Going to try hardcoding the token directly into the command to see if that bypasses the handshake issue.