We’re building a backend service to pull Genesys Cloud reporting data into New Relic. The app runs on a server, has no user interaction, and needs to fetch metrics like tHandle every 30 minutes.
Right now I’m using the Authorization Code flow with a refresh token. It works, but I have to manage token expiry and storage carefully. The docs mention Client Credentials flow for server-to-server apps.
Here’s my current token request:
POST /oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token&client_id=my-client-id&refresh_token=...&scope=analytics:metrics:read
I tried switching to Client Credentials:
POST /oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id=my-client-id&client_secret=my-secret&scope=analytics:metrics:read
This returns a 200 OK and I get a token. But when I call /api/v2/analytics/details/query, I get a 403 Forbidden. The scope seems correct.
Is Client Credentials even supported for analytics scopes? Or am I missing something in the integration setup? The Auth Code flow works fine, just annoying to maintain. Want to simplify if possible.
Also, we’re in the America/Sao_Paulo timezone, not sure if that affects token validity or anything.
Any ideas on why Client Credentials fails here?