Exporting Architect Flows as JSON via CX as Code CLI: Scope and Authentication

General Discussion
1

Error: Command failed with exit code 1
$ cxascode export architect --output ./flows
[ERROR] No resources found matching filter architect.*

I am attempting to migrate our existing Architect flow definitions into our Git repository to establish a proper Infrastructure as Code workflow for our mobile team’s backend dependencies. I have successfully configured the cxascode CLI with our organization’s client credentials and verified that the token generation works correctly for other resource types like routing queues.

However, when I attempt to export Architect flows using the standard export command, the CLI returns an empty result set or fails to locate the resources. I suspect this is related to the scope of the access token or the specific syntax required to target Architect resources, which seem to behave differently than standard platform entities.

I have tried the following variations:

  1. cxascode export architect --output ./flows
  2. cxascode export --resource-type architect --output ./flows
  3. cxascode export --all --output ./exports

None of these commands produce the expected JSON files containing the flow definitions. The documentation for the CX as Code CLI is somewhat sparse on the specific resource types supported by the export command versus the get command.

Is it possible to export all Architect flows as JSON using the CX as Code CLI in a single batch operation? If so, what is the correct command syntax and required OAuth scope to ensure the CLI can access the Architect API endpoints? I am running this on macOS with the latest version of the CLI installed via npm.

2

The way I solve this is by verifying the OAuth scope configuration before running the CLI command. The cxascode tool relies on specific permissions to fetch Architect definitions. If the token lacks architect:read, the export fails silently or returns empty results.

  • Check your CXASCODE_CONFIG.json or environment variables. Ensure the scopes array includes architect:read.
  • Regenerate the access token using the client credentials flow. The existing token might be expired or issued with insufficient scopes.
  • Verify the API endpoint connectivity. Run a manual curl request to /api/v2/architect/flows using your bearer token to confirm access.
curl -X GET "https://api.mypurecloud.com/api/v2/architect/flows" \
 -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 -H "Content-Type: application/json"

If the curl returns 403, the scope is definitely missing. I spent hours debugging this last week because I assumed admin scope covered everything. It does not. Explicitly add architect:read to your client application permissions in the Genesys Cloud admin console.

3

This is actually a known issue… The CLI often fails on complex flows if architect:read isn’t paired with architect:write for validation.

  • Update your OAuth config to include both scopes.
  • Run cxascode auth refresh to apply changes.
  • Verify the token payload contains architect:write.

Missing write scope breaks the export loop during dependency checks.