I’m building a token service for a BPO client that needs to manage multiple divisions within a single Genesys Cloud org. The goal is to create dedicated OAuth clients per division so we can scope access tightly.
The docs for POST /api/v2/oauth/clients state: “The divisionId field specifies the division to which the client belongs. If not specified, the client is created in the default division.”
I’m sending this payload:
{
"name": "BPO Client - Division A",
"clientId": "custom-client-a",
"divisionId": "8f7d6c5b-4a3b-2c1d-0e9f-8a7b6c5d4e3f",
"grantTypes": ["client_credentials"]
}
The divisionId is valid; I pulled it directly from GET /api/v2/organizations/divisions. Yet I keep getting a 400 Bad Request with no useful error message in the body.
I’ve checked the permissions on the admin token used to make the call. It has admin:oauth:client and admin:division.
Is there a hidden requirement for division scoping on OAuth clients? The docs don’t mention any specific constraints beyond the ID being valid.