Building a custom AppFoundry integration for a mid-tier enterprise client requires bridging their legacy PBX with Genesys Cloud via a SIP trunk. The goal is to route inbound calls directly into a specific Architect flow that leverages WebRTC for screen pop and softphone functionality within our custom UI.
The issue manifests consistently during the initial media handshake. The SIP INVITE reaches the Genesys Cloud edge successfully, and the flow triggers. However, when the flow attempts to establish the WebRTC connection using the media action, the client browser receives a 403 Forbidden error from the media signaling endpoint (/api/v2/media/connections). The standard error payload indicates MediaConnectionError: Permission denied.
This is puzzling because the OAuth scope for the integration includes media:call:control and media:call:read. The access token is valid, and standard REST API calls to /api/v2/architect/flows work without issue. The problem seems isolated to the WebRTC signaling layer within the Architect flow execution.
Has anyone encountered this specific 403 when mixing SIP-trunked calls with WebRTC media actions in a custom flow? We are testing in the US-East region. The client-side SDK is version 4.1.2. We have verified that the firewall allows UDP traffic on the required ports. Is there a specific permission matrix for WebRTC media actions that differs from standard call control? Or does the SIP trunk configuration require a specific header to authorize the WebRTC bridge?
Looking for insights on the intersection of SIP trunking and WebRTC media permissions. Any debugging steps for the media signaling layer would be appreciated.