Just noticed that the standard client_credentials flow grants access to all divisions, which breaks our multi-tenant isolation in the Singapore BPO environment.
Attempted to restrict scope using the /api/v2/oauth/clients endpoint but the response payload lacks explicit division_id mapping fields.
Tested passing a custom header X-Genesys-Cloud-Organization-Id: {division_uuid} in the Python requests library call.
Resulted in a 403 Forbidden error on subsequent GET /api/v2/organizations/queries/search calls despite valid token issuance.
Current implementation uses the genesys-cloud-python-sdk v2.0.0 with explicit token refresh logic in Jupyter cells.
Question: Is there a specific grant_type parameter or client configuration JSON payload required to bind the OAuth token to a single division at issuance time?
Need to avoid post-token filtering via pandas DataFrames as it impacts latency for real-time dashboard updates.