BYOC Edge proxy rejecting OAuth2 refresh grant on polling trigger

The webhook callback keeps dropping packets on the BYOC instance while the standard cloud endpoint routes fine. The curl test hits https://{{region}}.mypurecloud.com/api/v2/users/me with a valid bearer token, but the Zapier polling job throws a 401 Unauthorized after exactly 14 minutes. The refresh flow runs clean in local CLI, but it doesn’t survive the production cron. The whole pipeline is doing jack all right now.

  • BYOC region: aws-eu-west-1
  • Zapier CLI version: 14.2.0
  • OAuth2 scope: user:read conversation:read
  • Polling interval: 300 seconds
  • Custom header: X-GC-Edge: true

The response body shows "error_code": "invalid_token", "error": "access_denied". Checked the Authorization header format, that’s definitely Bearer <token>. The Edge routing table seems to be rejecting the refresh grant when the client_assertion_type matches urn:ietf:params:oauth:client-assertion-type:jwt-bearer. Swapped the region URL to the standard US-1 cloud and the trigger fires without issue. The BYOC instance expects a different audience claim in the JWT assertion or the edge proxy is stripping the grant_type=refresh_token parameter during the POST to /oauth/token. Might be the aud field mismatch on the edge gateway…