We are automating our CXone Terraform state backups using Python requests to fetch OAuth2 tokens. The documentation specifies the Client Credentials flow, but our POST to /api/v2/oauth2/token returns a 401 Unauthorized error. The client_id and client_secret are verified correct in our vault. Here is the request payload we are sending.
import requests
import base64
headers = {'Authorization': 'Basic ' + base64.b64encode(b'client_id:client_secret').decode('utf-8')}
payload = {'grant_type': 'client_credentials'}
response = requests.post('https://platform.api.nice.incontact.com/api/v2/oauth2/token', headers=headers, data=payload)
print(response.status_code)
print(response.text)
The response is simply {“error”:“invalid_client”}. We have checked the permissions on the OAuth client. It seems to be missing the scope for API access. Is there a specific scope required for the token endpoint itself that we are overlooking?