We need to restrict a service account to specific divisions for our BPO clients in Berlin. Creating the client via the API seems straightforward, but the docs are vague on how to enforce division-level access. I tried setting the scopes to include view:queue, but the token still accesses everything.
Here is the payload I’m sending to POST /api/v2/oauth/clients. The request succeeds, but the resulting access token doesn’t respect the division filter. Am I missing a specific scope or configuration step?
{
"name": "bpo-client-1",
"scopes": ["view:queue", "read:interaction"],
"divisions": ["division-id-1"]
}