SAML SSO enabled but /api/v2/oauth/token returns 401 with client_credentials

We’ve just flipped the switch on SAML SSO for our org. The docs state: “Enabling SAML SSO does not disable API access. You can continue to use OAuth 2.0 client credentials flow for server-to-server authentication.”

I’m hitting /api/v2/oauth/token with the following payload:

{
  "grant_type": "client_credentials",
  "client_id": "my-app-client-id",
  "client_secret": "my-app-secret",
  "audience": "https://api.mypurecloud.com"
}

Getting a 401 Unauthorized. Response body:

{
  "errors": [
    {
      "message": "Authentication failed"
    }
  ]
}

The client ID and secret are correct. I verified them by disabling SAML temporarily and the token generated fine. Re-enabled SAML, and boom, 401 again.

Checked the app settings. The app is still set to “OAuth” not “SAML”. Why is the token endpoint rejecting valid credentials just because SSO is on? Am I missing a scope or audience claim here?