Python SDK - Quality Management Calibration Export - 403 Forbidden - Missing Scope?

Hi all,

I am trying to export calibration data using the Python SDK and I keep getting a 403 Forbidden error. It’s driving me crazy. Sorry if this is a very simple question, I’m still very new to this. We’re on Genesys Cloud, region is Tokyo.

The endpoint I am trying to use is /quality/management/evaluations/bulk/export. I’ve read the docs, I think I have everything correct, but obviously not. I suspect it’s something with the OAuth2 setup but I’m not 100% sure. I think the scope is the problem, maybe?

I’m using the genesyscloud-sdk-python version 3.1.2. I’ve initialized the SDK with my client ID, client secret, and access token. I’m using a service account, not user-level authentication. The access token seems valid - I can pull other data, like agent schedules, without issue.

The error response I get is this:

{
 "error": "Forbidden",
 "message": "The request requires a valid access token with the appropriate scope.",
 "code": 403
}

I thought I had the correct scopes set when I initially created the OAuth2 app, but maybe I missed something? I have quality_management selected in the app registration on the developer portal, but I’m wondering if there’s a more specific scope needed for the export endpoint? I also saw somewhere that you need a separate scope for exporting calibration data, but I don’t see any documentation to back that up.

Here’s my Python code. It’s probably messy.

import os
from genesyscloud.client import GenesysCloudClient

client = GenesysCloudClient(
 region=os.getenv('GENESYS_CLOUD_REGION'),
 access_token=os.getenv('GENESYS_CLOUD_ACCESS_TOKEN')
)

try:
 calibration_export = client.quality_management.evaluation.bulk_export()
 print(calibration_export)
except Exception as e:
 print(f"Error: {e}")

I’ve checked the environment variables and they are definitely populated. It’s just this export endpoint that isn’t working. Can anyone give me some advice? I feel like I’m doing jack all. I’ve been searching the docs for hours. Maybe I am misunderstanding how the SDK is supposed to handle the authorization. Also, the documentation is not always very clear.