I’m trying to pull a list of queues using the Genesys Cloud API, but I keep hitting a wall with a 403 Forbidden error. I’ve got the token generation working fine using client credentials, and I can successfully call other endpoints like /api/v2/users/me. It seems like a permissions issue on the OAuth side rather than a network problem.
Here is the Python snippet I’m using to make the request:
import requests
import json

token_url = "https://api.mypurecloud.com/oauth/token"
headers = {"Content-Type": "application/x-www-form-urlencoded"}
payload = {
    "grant_type": "client_credentials",
    "client_id": "my_client_id",
    "client_secret": "my_client_secret"
}
response = requests.post(token_url, headers=headers, data=payload)
token = response.json()["access_token"]

# Now trying to get queues
queue_url = "https://api.mypurecloud.com/api/v2/routing/queues"
queue_headers = {"Authorization": f"Bearer {token}"}
queue_response = requests.get(queue_url, headers=queue_headers)
print(queue_response.status_code)
print(queue_response.text)
The output is consistently 403 with a JSON body saying "message": "Forbidden". I assumed routing:queue:read would be enough based on the docs, but maybe I’m missing something obvious. Has anyone else hit this when using service accounts for DevOps automation? I need to script the queue configuration for our Terraform provider, so manual UI checks aren’t an option. Just need to know the exact scope string to add to the client credentials grant.
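
An added example, not part of the original post: a preflight check that an automation job could run with its token before changing anything, separating a rejected token (401) from an accepted token that is denied on a specific resource (403). The host and the two paths come from the post; the function names, the injectable `fetch` parameter and the stop-on-denied policy are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.request

API_BASE = "https://api.mypurecloud.com"  # region host used in the post


def http_get(url, token):
    """Default fetcher: returns (status_code, body_text) without raising on 4xx/5xx."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def classify(status, body):
    """Map one response to a verdict plus the server's own "message" field, if any."""
    try:
        parsed = json.loads(body)
        message = parsed.get("message", "") if isinstance(parsed, dict) else ""
    except ValueError:  # body was not JSON
        message = ""
    if 200 <= status < 300:
        verdict = "allowed"
    elif status == 401:
        verdict = "token rejected (authentication)"
    elif status == 403:
        verdict = "token accepted, access denied (authorization)"
    else:
        verdict = f"unexpected status {status}"
    return verdict, message


def preflight(token, paths, fetch=http_get):
    """Send a read-only GET to each path and record what this client may call."""
    report = {}
    for path in paths:
        status, body = fetch(API_BASE + path, token)
        report[path] = classify(status, body)
    return report


def blocked(report):
    """Paths that did not return 2xx; an automation job should stop on these."""
    return sorted(p for p, (verdict, _) in report.items() if verdict != "allowed")
```

Calling `preflight(token, ["/api/v2/users/me", "/api/v2/routing/queues"])` at the start of a pipeline run and failing when `blocked(...)` is non-empty surfaces a missing grant before any configuration change is attempted.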