401 Unauthorized. access_denied. invalid_client.
this is the response i get when trying to hit the api after our company enabled saml sso. i am trying to write a python script to fetch user data using the client credentials flow. i thought that enabling saml for human users would not affect programmatic access via api keys, but the token endpoint is rejecting my request.
here is my code:
import requests
url = "https://api.mypurecloud.com/oauth/token"
payload = {
"grant_type": "client_credentials",
"client_id": "my-client-id",
"client_secret": "my-client-secret",
"scope": "admin"
}
headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}
response = requests.post(url, data=payload, headers=headers)
print(response.status_code)
print(response.json())
the error says:
{
"error": "invalid_client",
"error_description": "Client authentication failed"
}
i checked the developer portal and the client secret looks correct. i also tried using the authorization code flow but i cannot redirect a python script to a browser for the saml login. i am confused if saml sso disables the client credentials grant entirely or if i need a different scope. my manager said we need to keep api access for our reporting tool which runs on a server. i am in mexico city and the time zone might be affecting something? no probably not.
how do i get a bearer token for a service account when saml is forced for all users? do i need to create a specific “service” user in genesys cloud and assign it a different auth method? i am new to this oauth stuff and the documentation is overwhelming. any help is appreciated.