Looking for advice on rotating OAuth client secrets without downtime. I am writing a high-throughput Go service that refreshes access tokens via /api/v2/oauth/token. Currently, I update the secret in the Genesys Cloud admin console, which immediately invalidates the old secret. This causes a burst of 401 Unauthorized errors while my worker pool retries failed requests.
Is there a supported API workflow or sequence to enable the new secret before disabling the old one? I want to avoid stopping the service or implementing complex dual-token validation logic in my middleware.