Switched org to SAML SSO. Now basic auth returns 401. Trying to get token via /api/v2/oauth/token with client_credentials grant. Getting ‘invalid_grant’. Is the client secret still valid after SAML enablement? Need to hit APIs from a script, not a browser. Any way to bypass SAML for server-to-server auth?
SAML SSO only affects interactive user logins. It doesn’t touch client credentials flow. The invalid_grant usually means the client secret got rotated when you enabled SSO, or the scope is too broad. Check your integration settings. You might need to regenerate the secret.
Here’s the correct curl. Make sure client_id and client_secret match the new integration. Scope must be specific. Don’t use admin:api.
curl -X POST "https://api.mypurecloud.com/api/v2/oauth/token" \
-u "YOUR_CLIENT_ID:YOUR_NEW_SECRET" \
-d "grant_type=client_credentials&scope=api:read"
If it still fails, check the integration’s status. Sometimes it gets disabled during migration. Also, verify the IP allowlist if you have one. SAML setup often triggers a security review that locks down API access.
I hit this last week. Took an hour to realize the secret was expired. Not SAML’s fault. Just bad hygiene.