We switched our org to SAML SSO, which broke our CI/CD pipeline that relies on the standard OAuth client credentials grant. The POST /oauth/token call now returns a 401 instead of the usual 400 for invalid credentials. Is there a specific header or scope needed to bypass the SAML redirect for machine-to-machine auth, or do we need to configure a separate identity provider instance just for API tokens?
curl -X POST https://api.mypurecloud.com/oauth/token
-H “Authorization: Basic <base64(client_id:client_secret)>”
-d “grant_type=client_credentials&scope=analytics:view”
SAML doesn’t touch client credentials. That 401 means your app’s permissions are restricted by the new SSO policy, not the auth flow itself. Check the "API Access" setting in the SAML app config. It’s bably locked down.