Getting a 401 Unauthorized response when trying to fetch an access token via the Client Credentials grant using the Python requests library. The endpoint is https://api.mypurecloud.com/oauth/token. I’ve verified the client_id and client_secret in the Genesys Cloud admin console under Apps > API Access. The credentials look correct, but the request keeps failing. Here is the minimal reproducible code block:
import requests
import base64
client_id = 'my_client_id'
client_secret = 'my_client_secret'
url = 'https://api.mypurecloud.com/oauth/token'
# Attempting basic auth via header
headers = {
'Authorization': f'Basic {base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()}',
'Content-Type': 'application/x-www-form-urlencoded'
}
data = {
'grant_type': 'client_credentials',
'scope': 'admin:report:read'
}
response = requests.post(url, headers=headers, data=data)
print(response.status_code)
print(response.text)
The response body is just {"error":"invalid_client"}. I’ve tried sending the credentials in the body as well, but that yields the same result. The scope admin:report:read is definitely attached to the app in the UI. I’m running Python 3.9.7. Is there a specific format requirement for the Authorization header that I’m missing? Or is the scope string wrong? I’ve checked the docs but they just show a curl example. The base64 encoding seems fine when I test it locally. Maybe the secret has special characters? I’ve tried escaping them but no luck. This is blocking the nightly reporting script. Any pointers on what’s actually invalid about the client? The app status is Active.