Generating long-lived API token for CI/CD pipeline via Python SDK

NICE CXone API & Integrations
1

Problem

We’re spinning up a CI/CD pipeline and need a long-lived token so the build doesn’t timeout after an hour. The Python SDK keeps churning out 3600-second access tokens on every auth.login() call.

auth = Client(client_id=ID, client_secret=SECRET)
auth.login()

Error

Token expires mid-run and the Jenkins job fails with a 401. We’ve tried passing custom headers to //token but the SDK overrides them. Any way to force a longer expiry through the client?

2

You’re looking for a refresh token, not a longer access token. The SDK’s login() defaults to client_credentials which gives you that 1-hour expiry. Switch to authorization_code in your CI environment or just handle the refresh manually.

Here’s how you get the refresh token using the Python SDK. You need to pass the grant_type explicitly if you’re doing the initial auth code exchange, but usually, you just set up the client to use the refresh flow.

from purecloudplatformclientv2 import Configuration, ApiClient, AuthorizationApi

# Setup
config = Configuration()
config.host = 'https://api.mypurecloud.com' # Or your org URL

# Initialize auth client
auth_client = ApiClient(configuration=config)
auth_api = AuthorizationApi(auth_client)

# Use authorization_code grant to get refresh_token
# Note: This requires a user context, not a service account
body = AuthorizationRequestBody(
 grant_type='authorization_code',
 code='YOUR_AUTH_CODE',
 redirect_uri='YOUR_REDIRECT_URI'
)

response = auth_api.post_oauth_token(body=body)

# response.refresh_token is what you store in your CI secrets
# It lasts 30 days by default
print(response.refresh_token)

In your pipeline, store the refresh_token. When the access token expires, call post_oauth_token with grant_type='refresh_token' and the stored token. The SDK doesn’t auto-refresh for client_credentials because it’s meant for machine-to-machine where you control the lifecycle.

Warning: Don’t use client_credentials if you need to act on behalf of a user. That grant type has no user context. If your pipeline needs to modify user-specific data, you’re stuck with authorization_code and managing the refresh cycle.