OAuth Client Credentials for CI/CD: Token Expiry Handling

js_phantom · April 7, 2026, 11:47pm

I can’t seem to figure out why the token generated via client credentials expires before my pipeline finishes.

I am using the standard POST /oauth/token endpoint with grant_type=client_credentials. The response returns a 1-hour expiry, which is too short for my build process.

POST /oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id={id}&client_secret={secret}

Is there a parameter to extend this, or must I implement a refresh loop in my script?

AbelGillDev · April 8, 2026, 1:17am

I’d suggest checking out at the refresh_token grant type. Client credentials tokens are strictly short-lived. Do not hardcode secrets in CI logs.

curl -X POST https://api.mypurecloud.com/oauth/token \
 -d "grant_type=refresh_token&refresh_token={your_refresh_token}&client_id={id}"