Genesys Cloud – Restrict OAuth client credentials grants to allowed IP addresses
| Announced on (YYYY-MM-DD) | Effective date (YYYY-MM-DD) | Aha! idea |
|---|---|---|
| 2026-04-06 | - | - |
In a future release, administrators can restrict OAuth clients that use the Client Credentials grant type to specific allowed IP addresses or CIDR ranges. With this update, administrators can limit where those requests originate, which adds a clear security control for application-based access.
For new OAuth clients that use the Client Credentials grant type, administrators must to configure allowed IP addresses during setup. For existing OAuth clients that use the same grant type, administrators will be able to add allowed IP addresses during a transition period. If a request comes from outside the configured range, Genesys Cloud will deny it.
What’s new
Administrators can configure allowed IP addresses for OAuth clients that use the Client Credentials grant type.
What this changes
New OAuth clients that use the Client Credentials grant type will require an allowed IP address or CIDR range. Existing clients can add one during the transition period.
Why this matters
This feature reduces the risk of unauthorized access when client credentials are leaked and helps ensure that only requests from trusted networks can use the client credentials grant.
[NEXT] Was this article helpful?
Get user feedback about articles.