403 Forbidden when calling POST /api/v2/oauth/token with grant_type=client_credentials.
The client secret is correct, but the response body returns {"error":"access_denied","error_description":"Unauthorized"}. I need a long-lived token for my Jenkins pipeline to push Architect JSON. The documentation implies client credentials should work, but the token expires too fast or is rejected. How do I configure the OAuth app to issue a stable token for automation?
If I remember correctly, you need to explicitly request the architect scopes in the POST body to avoid the 403. The default client credentials grant often lacks write permissions for Architect resources without these specific scopes.
The suggestion above is correct regarding scopes, but the 403 often means the app lacks the required OAuth roles in Admin. Also, client_credentials tokens expire in 3600 seconds, so they are not long-lived. You must refresh them.
You might want to check at the token refresh logic.
The suggestion above is correct regarding scopes, but the 403 often means the app lacks the required OAuth roles in Admin. Also, client_credentials tokens expire in 3600 seconds, so they are not long-lived. You must refresh them.
In my Python ETL pipelines, I handle this by caching the token and using requests to call /api/v2/oauth/token only when expired. Ensure the Machine User has the Architect Designer role.