We’ve set up a new OAuth client for a multi-tenant BPO setup and added specific division IDs to the client’s allowed_divisions array. When we generate a token and call GET /api/v2/users, we’re still getting users from all divisions instead of just the scoped ones. Is there a specific scope we need to add to the token request for the division filter to actually work?
POST /oauth/token
{
"grant_type": "client_credentials",
"client_id": "abc-123",
"client_secret": "secret",
"scope": "admin:users:view"
}