Running genesyscloud arch:export --all and getting a wall of 403 errors for every flow in the org. The CLI says it’s skipping them due to permission issues, but I’m logged in as an admin with full Architect access.
- Genesys Cloud EU region
- CX as Code CLI v1.2.4
- Admin role with Architect Owner permissions
- Tried re-authenticating with
genesyscloud auth:login
Here’s the snippet from the output:
$ genesyscloud arch:export --all --output ./flows
Exporting Architect flows...
Error: Failed to get flow '12345': 403 Forbidden
Error: Failed to get flow '67890': 403 Forbidden
...
Skipped 45 flows due to errors.
Checked the API directly with a curl call to /api/v2/architect/flows using the same token and it works fine. Returns all the JSON. So it’s not an auth issue. The CLI seems to be hitting a different endpoint or formatting the request wrong. Anyone else see this? Is there a flag to force the export or bypass the check?
That 403 usually isn’t actually a permissions issue if you’re already an Architect Owner. It’s almost always the CLI trying to fetch flow dependencies like IVRs or user queues that your specific service account doesn’t have read access to. The arch:export command doesn’t just pull the flow JSON. It recursively resolves every node reference. If one of those references is broken or locked by another team, the whole export fails with a generic 403. Check your CLI config file. You likely need to explicitly define the exclude array for those dependency types if you don’t have global read rights.
Here’s how I handle it in my Node.js scripts when the CLI gets stuck. I use the Platform SDK to fetch the flow first, then sanitize it. This bypasses the CLI’s aggressive dependency checking. It’s a bit more work but gives you actual control over what gets exported. You’ll need the view:architect scope for this to work.
const platformClient = require('@genesyscloud/platform-client');
platformClient.init({
clientId: process.env.CLIENT_ID,
clientSecret: process.env.CLIENT_SECRET,
basePath: 'https://api.eu.genesys.cloud' // EU region
});
const architectApi = platformClient.ArchitectApi();
async function exportFlow(flowId) {
try {
// Fetches the flow without resolving all external dependencies
const response = await architectApi.architectFlowGet(flowId);
const flowData = response.body;
// Strip out sensitive or problematic nodes if needed
console.log(`Exported flow: ${flowData.name}`);
return flowData;
} catch (error) {
console.error(`Failed to fetch flow ${flowId}:`, error.message);
}
}
exportFlow('your-flow-id-here');
Run this locally. It’s faster than waiting for the CLI to timeout on a single bad reference anyway