We’re running an audit routine to map every client_id in the org and verify the attached scope assignments. The dashboard connectors need this data before we push to production. Here is the request block we’re using for the initial pagination:
headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
resp = session.get("https://api.mypurecloud.com/api/v2/oauth/clients", params={"pageSize": 500}, headers=headers)
The resp.json()['entities'] mapping breaks because scope is missing. We only see id, name, and clientId in the response array. It’s documented that the bulk endpoint strips sensitive fields for performance. Tried appending fields=scope to the query string. The gateway throws 400 Bad Request with "errorCode": "invalid_parameter".
Switched to iterating through GET /api/v2/oauth/clients/{id} inside a for loop. That pulls the full scope array correctly. It’s hitting the rate limiter hard though. Org has 412 registered applications. The script hits 429 Too Many Requests after 18 sequential calls. We’ve added Retry-After header parsing and exponential backoff, but the CI job times out at 300s.
Current Python implementation uses requests.Session() with a cached Bearer token from the client credentials flow. It’s not an auth issue. Single lookup returns 200 with complete metadata. Bulk fetch consistently returns truncated payloads. We can’t get the permission set without hitting individual endpoints. Maybe a specific query flag or an alternative analytics endpoint that exposes client metadata? The validation logic stalls on line 42 when the array comes back empty.