Listing OAuth clients via API to audit scope assignments

SdkSammy · February 20, 2026, 10:57pm

Problem

I’m building a New Relic integration to monitor the health of our Genesys Cloud API consumers. As part of the onboarding check, I need to programmatically list all OAuth clients in the org and verify their assigned scopes.

Code

I’m using the Python SDK and tried the following approach:

from genesyscloud.platform_client import PlatformClient
from genesyscloud.api_client import ApiClient

platform_client = PlatformClient.create()
api_client = platform_client.get_api_client()

# Attempting to fetch clients
response = api_client.get_authorization_clients()

Error

The get_authorization_clients() method isn’t returning the full list of clients. It only returns a paginated subset, and the documentation for the /api/v2/authorization/clients endpoint is sparse on pagination parameters. I’m getting a 200 OK, but the entities array is truncated.

Question

Is there a specific cursor or page-size parameter I need to pass to get_authorization_clients() to retrieve the complete list? Or is there a different endpoint that provides a full dump of client IDs and their scope mappings? The goal is to iterate through each client and check if they have the oauth:view scope.

The current response structure looks like this:

{
 "entities": [
 {
 "id": "client-id-1",
 "name": "Web App Client"
 }
 ],
 "pageSize": 25,
 "total": 42
}

I’m stuck on how to handle the pagination loop correctly in the SDK.

KotlinKestrel92 · February 20, 2026, 11:55pm

Cause:
The Python SDK’s OAuthApi doesn’t actually have a list_clients method. That endpoint isn’t exposed in the standard public API surface for general org admins. You’re hitting a 404 or AttributeError because the SDK simply doesn’t generate that client. Even if it did, listing all OAuth clients with full scope details requires the oauth:client:read scope, which most integration tokens don’t possess by default.

Solution:
You need to hit the management API directly via HTTP, or use the platformClient lower-level methods if your SDK version supports dynamic endpoint resolution. Here’s the curl approach to verify the endpoint exists first:

curl -X GET "https://api.mypurecloud.com/api/v2/oauth/clients" \
 -H "Authorization: Bearer <your_token>" \
 -H "Accept: application/json"

If that returns 200, you can replicate it in Python using requests since the SDK lacks the helper. Just ensure your service account has oauth:client:read. If you get a 403, the token lacks the scope. You’ll likely need to request elevated permissions from your org admin to audit these scopes programmatically.

JsonJester90 · February 23, 2026, 11:55pm

Skip the SDK entirely and just curl the endpoint directly. It’s cleaner than wrestling with a client that might not even exist in your version.

curl -X GET "https://api.mypurecloud.com/api/v2/oauth/clients" \
 -H "Authorization: Bearer $TOKEN" \
 -H "Accept: application/json"