POST /api/v2/oauth/clients returns 400 when setting division scope for multi-tenant BPO

NICE CXone API & Integrations
1

Problem
We need to scope an client to specific divisions because we run a multi-tenant BPO setup. The docs mention limiting access, but the Python SDK isn’t playing nice. I’m trying to create the client via create_oauth_client and passing the division IDs in the request body, but the API keeps rejecting it.

Code
Here’s the snippet. The division_ids field feels wrong here. Maybe I’m missing something obvious.

from genesyscloud.platform import PlatformApi

api = PlatformApi(api_instance)
body = {
 "name": "BPO-Client-01",
 "description": "Scoped to Division A and B",
 "division_ids": ["div-uuid-1", "div-uuid-2"]
}
result = api.create_oauth_client(body)

Error
The response comes back with a 400 Bad Request. Nothing in the logs about why.

{
 "message": "division_ids is not allowed in the client creation schema",
 "status": 400
}

Question
Is there a different endpoint or SDK method to apply division scoping after creation? The update_oauth_client call also fails with the same schema error. I’ve checked the raw REST doc and it mentions division_id on the client object, but the SDK wrapper seems to strip that out or the schema validation on the backend is strict.
How do we actually lock a client to a division using the Python SDK?
The token generation works fine if I leave it global, but we can’t do that for security. Just stuck on this scoping part.

2

The docs for /api/v2//clients are pretty clear on this. You can’t just pass a list of division IDs in the root payload. The API expects a division object with an id field. If you’re trying to scope it to multiple divisions, that’s not how clients work in Genesys Cloud. A client belongs to one division. You’ll need to create separate clients for each tenant division if you want strict isolation. Here’s the correct payload structure for a single division:

{
 "name": "BPO Tenant Client",
 "division": {
 "id": "your-division-id-here"
 },
 "description": "Scoped to specific division"
}

If you’re hitting a 400, it’s likely because the JSON structure is malformed or the division ID is invalid. Check your SDK’s model documentation for Client. It usually has a division property that takes a DivisionEntity object, not a string array. Make sure you’re instantiating that object correctly before passing it to create_oauth_client.