Building a backend service in Kotlin that pulls historical conversation metrics via /api/v2/analytics/conversations/queries. It runs on a cron job, no user interaction involved. Looking at the docs, client_credentials seems like the obvious pick since it’s machine-to-machine. But I’ve seen mentions of authorization_code being required for certain analytics scopes or if the data access needs to tie back to a specific user context for auditing.
I’ve got the token request working fine with client_credentials:
POST /oauth/token
grant_type=client_credentials
scope=analytics:conversation:view
Returns a 200 with the access token. But when I use that token to query the analytics endpoint, I’m getting 403 Forbidden with error code invalid_grant_scope. The error message is vague.
Is client_credentials just not supported for analytics endpoints? Or do I need to store a long-lived refresh token from an authorization_code flow even for a headless service? Don’t want to implement the whole user login flow just to get some CSV data. What’s the standard pattern here for a reporting bot?