Read Workflows API token scope

I have generated a token from the /oauth/token endpoint for my ISC environment and I receive a 200 response and a list of the following scopes applied to the token:

idn:connector-config-lifecycle:read idn:connector-config:read idn:rule-management-connector:read idn:source-checked:read idn:source-unchecked:read idn:sources-admin:read idn:sources:read idn:transform:read sp:connector:read sp:my-personal-access-tokens:manage sp:scopes:default sp:workflow:read

However, using this newly generated token I am unable to hit the GET /v3/workflows API endpoint. Am I missing a scope in the list above? The documentation here says sp:workflow:read should be sufficient: list-workflows | SailPoint Developer Community

Hi @dominick-miller ,

Thank you for the question. I took some time and generated a new PAT with scope “sp:workflow:read” and then submitted the API request (both using V3 and beta) and it looks to be working fine for me.

Can you please try requesting the access token again and then verify in the payload that the scopes are correctly listed when you generate the OAuth token?

You can use the API call https://ORG-NAME.api.identitynow.com/oauth/token with the body settings below, as mentioned in the official documentation: Authentication | SailPoint Developer Community

And for your reference, I see the below scope alongside the token (of course, I have excluded other details from the response body as it is personal).

Thank You.
Regards
Vikas.
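
The payload check suggested in the reply above, as an added example that is not part of the original posts or SailPoint's own code: it compares the `scope` field of the /oauth/token response with the `scope` claim inside the access token. It assumes the access token is a JWT carrying a `scope` claim; the function names and the sample token are constructed for illustration, and the signature is not verified because the token is only inspected locally.

```python
import base64
import json

REQUIRED = {"sp:workflow:read"}  # scope the thread expects for GET /v3/workflows

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a Python object."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def _as_set(value):
    # OAuth responses use a space-delimited string; a JWT claim may be a list.
    return set(value.split()) if isinstance(value, str) else set(value or [])

def granted_scopes(token_response):
    """Return (response_scopes, jwt_scopes).

    jwt_scopes is None when the access token is opaque, malformed, or has
    no `scope` claim (assumed claim name), so there is nothing to compare.
    """
    response_scopes = _as_set(token_response.get("scope"))
    parts = (token_response.get("access_token") or "").split(".")
    jwt_scopes = None
    if len(parts) == 3:
        try:
            payload = _b64url_json(parts[1])
            if "scope" in payload:
                jwt_scopes = _as_set(payload["scope"])
        except (ValueError, TypeError, AttributeError):
            jwt_scopes = None
    return response_scopes, jwt_scopes

def missing_scopes(token_response, required=REQUIRED):
    """Required scopes absent from the response body or from the decoded token."""
    response_scopes, jwt_scopes = granted_scopes(token_response)
    effective = response_scopes if jwt_scopes is None else response_scopes & jwt_scopes
    return set(required) - effective

def _constructed_token(claims):
    """Build an unsigned sample JWT (constructed data, not a real token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

# Constructed sample response, using scopes quoted in the question above.
SAMPLE = {
    "access_token": _constructed_token({"scope": ["sp:scopes:default", "sp:workflow:read"]}),
    "scope": "idn:sources:read sp:scopes:default sp:workflow:read",
}

if __name__ == "__main__":
    print("missing:", sorted(missing_scopes(SAMPLE)) or "none")
```

An empty result only rules out the scope list as the cause; the later posts in this thread attribute the failure to how the credentials were generated.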

I wonder if an SP Admin has to generate this. This would explain why it worked for you using a PAT. I generated my client credentials using the API management tab.

Hi @dominick-miller ,

Yes, that makes sense if you generated the credentials using the API management tab. I have seen such behavior where client credentials generated via API management do not support all the operations which a PAT does. So personally I always prefer a PAT.

I believe you can also try to generate the token for yourself. I see in the official documentation it is mentioned that any user can create a token but they cannot request permission beyond their user level. So worth giving it a try if reaching out to an admin takes more time.

Link to the documentation → Managing API Keys and Tokens - SailPoint Identity Services

Below is the documentation you can use to generate your personal access token via the UI.

These are pretty easy steps, you can go to preferences and then generate the PAT after selecting the proper scope as per your need.

If you find any issues, then org_admin can always generate the token for you while keeping you the owner of the token via API.

If you need more information, please feel free to reach out to me; I will be happy to assist. I hope this helps.

Thank You.
Regards
Vikas.

Are you able to get a response in Postman using the same access token?

BTW, you can directly use authentication in HTTP Action inside a workflow
