Configuration is broken for some reason when attempting to route conversation metadata from a BYOC Edge node back to ServiceNow for ticket creation.
Background
The environment utilizes Genesys Cloud BYOC Edge nodes deployed in London (Europe/London) to handle low-latency digital channel interactions. The Architect flow is configured to trigger an outbound webhook on conversation.media.update. This webhook targets the ServiceNow REST API endpoint /api/now/table/incident to auto-create incidents based on sentiment analysis flags. The same flow works flawlessly when tested via the Genesys Cloud SaaS environment, confirming the ServiceNow credentials and payload structure are valid.
Issue
When the flow executes through the BYOC Edge node, the webhook returns a 403 Forbidden error. The response body from ServiceNow indicates "reason": "Access denied". The Edge logs show the request is being sent with the correct Basic Auth header, yet the token validation fails specifically at the ServiceNow gateway level.
Troubleshooting
- Verified the Edge node version is
2023-10.0and matches the SaaS cluster. - Confirmed outbound HTTPS traffic is allowed from the Edge VM to
service-now.comon port 443. - Tested the exact same webhook URL and headers from the Edge VM shell using
curl; the request succeeds immediately. - Checked the Architect flow execution history; the payload structure is identical to the SaaS version.
Could there be a specific header injection or TLS termination behavior in the BYOC Edge outbound connector that ServiceNow is rejecting? The X-Genesys-Edge header is present, but I suspect a mismatch in the User-Agent or missing Content-Type enforcement by the Edge runtime.