Our CI/CD pipeline keeps failing at 3 AM with a 401 Unauthorized error when trying to update routing queues. We’re using a Service Account to generate a Bearer token, but it seems to expire way too fast for a nightly job that might get queued up.
Here’s the curl command we use in the Jenkins script to get the token:
curl -X POST "https://api.mypurecloud.com/api/v2/oauth/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&client_id=<OUR_CLIENT_ID>&client_secret=<OUR_SECRET>"
The response looks fine initially:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 3600
}
But if the pipeline takes longer than an hour to run, the subsequent PUT requests to /api/v2/routing/queues fail. We tried setting the expires_in to a higher value, but the API just ignores it and gives us 3600 seconds.
We can’t use a short-lived token for a batch cess. We need something that lasts at least 24 hours or doesn’t expire until revoked. The docs mention offline_access for refresh tokens, but that seems to be for user flows, not client_credentials.
Is there a way to generate a long-lived API token for a Service Account? Or do we have to implement a refresh token loop in our bash script? We’ve tried adding refresh_token to the scope list, but the token response doesn’t include a refresh_token field. Just the access token.
This is getting annoying. We’re running the same script every night and it breaks randomly based on queue depth in Jenkins. Any ideas?