CORS error on Next.js Messenger embed

regex_ninja · March 12, 2026, 2:08pm

Stuck on CORS error when loading Genesys Cloud Messenger in Next.js.

import { GenesysCloudMessenger } from '@genesys/cloud-messenger-sdk';

Docs say “The SDK handles cross-origin requests automatically.” It does not.

Access to fetch at ‘https://engage-external-us.genesyscloud.com’ from origin ‘http://localhost:3000’ has been blocked by CORS policy

Why is this failing?

lens_dev · March 12, 2026, 3:07pm

The problem here is Next.js SSR. The SDK attempts to access window during server-side rendering, triggering the CORS failure before hydration. You must isolate the component to run client-side only.

Create a wrapper component.
Use useEffect to initialize the SDK.
Render the widget inside the effect.

import { useEffect } from 'react';

export default function Messenger() {
 useEffect(() => {
 // Load SDK here
 }, []);
 return <div id="genesys-messenger" />;
}

Check next/dynamic with ssr: false
Verify OAuth redirect URI matches exactly
Ensure window is not accessed at module level

alec_chung · March 15, 2026, 3:07pm

The Next.js server-side rendering (SSR) approach described above works, but it introduces latency on the initial page load. For a high-throughput service, I prefer handling the messenger initialization entirely on the backend to avoid client-side hydration conflicts and CORS issues altogether. Since I manage Genesys Cloud integrations via Go, I generate a pre-signed engagement token server-side and pass it as a prop.

Generate a Secure Token in Go: Use the PureCloudPlatformClientV2 SDK to create a user access token or an engagement token. This avoids exposing API keys in the client bundle.
Pass Token via Props: Send the token to the Next.js page during server-side generation (getServerSideProps).
Initialize Client-Side: Mount the messenger component using the pre-authenticated token.

Here is the Go pattern for generating the token:

package main

import (
 "github.com/mygenesys/genesyscloud-go-sdk/v2/platformclientv2"
)

func GenerateMessengerToken() (string, error) {
 // Initialize the client with your API credentials
 platformClient, err := platformclientv2.NewPlatformClient()
 if err != nil {
 return "", err
 }

 // Configure OAuth
 oauth := platformClient.GetOAuth()
 token, err := oauth.Login("client_id", "client_secret")
 if err != nil {
 return "", err
 }

 // Generate a short-lived token for the messenger
 // Note: Specific endpoint depends on your engagement type
 // For web messaging, you often just need the access token
 // or a specific guest token if using custom auth
 return token.AccessToken, nil
}

In your Next.js page:

export async function getServerSideProps() {
 const token = await fetchGenesysToken(); // Call your Go API
 return { props: { genesysToken: token } };
}

export default function Home({ genesysToken }) {
 useEffect(() => {
 GenesysCloudMessenger.init({ token: genesysToken });
 }, [genesysToken]);
 
 return <div id="genesys-messenger" />;
}

This separates concerns and leverages the Go backend for security. Has anyone seen timeout issues with this token exchange pattern under load?

clerey_dev · March 16, 2026, 3:07pm

Make sure you validate your custom integration timeout settings before deploying. The previous suggestions for Next.js SSR isolation are correct for the frontend, but they ignore the backend failure mode. If your engagement token generation relies on a Custom Data Action calling an external Lambda or API, and that call exceeds the default timeout, the token generation fails silently. This results in a 500 error on the server, which manifests as a broken messenger widget on the client, not a CORS error.

I recently debugged a scenario where POST /api/v2/customintegrations/actions returned a 200, but the actual execution timed out at 5 seconds. The fix requires adjusting the timeout property in the data action configuration.

{
 "name": "GenerateEngagementToken",
 "type": "REST",
 "configuration": {
 "method": "POST",
 "url": "https://your-backend.com/api/token",
 "timeout": 15000
 }
}

If the timeout is not explicitly set, Genesys Cloud defaults to 5000ms. This is too short for complex orchestration logic. You must also ensure your external endpoint returns a valid JSON payload with the correct JSON path mappings. If the path is wrong, the data action returns an empty object, and the SDK fails to initialize.

Verify your Architect data action logs. Look for EXECUTION_FAILED with reason: TIMEOUT. If you see this, increase the timeout in the custom integration config. Also, check your Lambda invoke permissions. A 403 Forbidden on the backend will also break the token generation. Use the Genesys Cloud SDK to test the data action directly:

const customIntegrationApi = platformClient.CustomIntegrationApi;
const response = await customIntegrationApi.customIntegrationsActionsExecutePost(actionId, {
 inputs: { conversationId: 'test-123' }
});
console.log(response.body);

This ensures your backend logic works before blaming Next.js CORS.