External applications calling Genesys APIs pulling wrong information

We have an OAuth client that the external applications use to pull Genesys data using APIs. The OAuth client has access to certain divisions through the role assigned, but when the external applications (e.g., Postman) use this OAuth client to connect and run the APIs, it's pulling data from divisions that are not part of the OAuth client. We have observed this behavior on the following APIs:

/api/v2/analytics/conversations/details/jobs
/api/v2/users
/api/v2/authorization/divisions

Is this the expected behavior on these APIs, or in other words, how do I restrict access to certain divisional data on the OAuth client?

Conversations can cross divisions. As long as any part of the conversation occurred in any division the client has access to, the entire conversation is in scope for them.

The other two APIs are metadata, so it's possible they're not division-aware/limited; since their data can appear within conversations, you'd want to know who those GUIDs represented.

Thank you, user & division APIs make sense, but I still need to confirm conversations are not pulled from divisions when only that division is part of the conversation.
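One way to check the case raised in the last post, as an added example that is not part of the thread and not Genesys code: classify exported conversation records by how their divisions overlap the divisions granted to the OAuth client. The record shape (`conversationId`, `divisionIds`), the division IDs and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed placeholders for the divisions the OAuth client's role grants.
ALLOWED_DIVISIONS = {"div-sales", "div-support"}

# Constructed sample records; the "conversationId" and "divisionIds"
# field names are assumptions about the exported job results.
SAMPLE_RESULTS = [
    {"conversationId": "c1", "divisionIds": ["div-sales"]},
    {"conversationId": "c2", "divisionIds": ["div-support", "div-hr"]},
    {"conversationId": "c3", "divisionIds": ["div-hr"]},
    {"conversationId": "c4", "divisionIds": []},
]


def classify(record, allowed):
    """Classify one conversation by how its divisions overlap the allowed set."""
    divisions = set(record.get("divisionIds") or [])
    if not divisions:
        return "no_division_info"
    if divisions <= allowed:
        return "in_scope"
    if divisions & allowed:
        # Touches an allowed division plus others: visible per the reply above.
        return "cross_division"
    # No overlap at all: the case the follow-up post wants to rule out.
    return "out_of_scope"


def audit(records, allowed):
    """Group conversation IDs by classification."""
    report = defaultdict(list)
    for rec in records:
        report[classify(rec, allowed)].append(rec["conversationId"])
    return dict(report)


if __name__ == "__main__":
    for bucket, ids in sorted(audit(SAMPLE_RESULTS, ALLOWED_DIVISIONS).items()):
        print(f"{bucket}: {ids}")
```

Any ID reported under `out_of_scope` is a conversation whose divisions are all outside the client's grant, which is the behavior to raise with the vendor; `cross_division` entries match the reply above.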