The new Architect flow is routing calls through a custom IVR menu, but the outbound webhook hit to our Express middleware keeps bombing out with a 401 Unauthorized. We’re running Genesys Cloud version 24.8.1 and the Event Streams API is pushing the conversation.media.created payload directly to the /api/v2/integrations/webhooks endpoint. The JWT introspection logic was handling the old auth header format just fine until yesterday, but the payload structure shifted to include a nested securityContext object. The middleware can’t even parse the token before the signature validation fails. Architect’s HTTP request node is set to POST with application/json, and the timeout window is sitting at 3000ms. Console logs show the request hits the server, but the req.headers.authorization field comes back empty every single time. Doing jack all on the frontend while the backend drops these calls.
Switching to the WebSocket Notification API didn’t help either, since the IVR flow still depends on the synchronous webhook callback to update the queue position. The Express route handler looks like this: app.post('/gc/ivr-callback', async (req, res) => { const token = req.headers.authorization.split(' ')[1]; res.status(401).json({ error: 'missing auth header' }); }); The logs dump a TokenExpiredError even though the token lifecycle is set to 3600s. Something’s definitely mangling the header during the Architect-to-webhook handoff.