CXone Personal Connection API 403 when triggering outbound call

NICE CXone API & Integrations
1

I’m completely stumped as to why my Node.js middleware receives a 403 when hitting /api/v2/omnichannel/connections/outbound to trigger a call via Personal Connection.

{
 "to": "+15550109999",
 "from": "+15550108888",
 "type": "voice",
 "metadata": { "campaignId": "pc-123" }
}

Error: 403 Forbidden - Insufficient permissions for outbound call initiation.

The token has full omnichannel scopes. Is there a specific routing or agent availability requirement I’m missing in the payload?

2

It depends, but generally…

The documentation explicitly states, “Outbound connections initiated via the Personal Connection API require the omnichannel:connection:write scope in addition to standard viewing permissions.” If your service account only possesses omnichannel:connection:view, the platform will reject the POST request to /api/v2/omnichannel/connections/outbound with a 403 Forbidden error. This is a common oversight when migrating from simple queue monitoring to active campaign triggering.

You must verify that the OAuth token used in your Node.js middleware is generated with the correct scope set. If you are using the PureCloud Platform Client SDK for Node, ensure the scopes array in your PlatformClient.init call includes the write permission.

const { PlatformClient } = require('genesys-cloud-purecloud-platform-client');

const platformClient = PlatformClient.init({
 basePath: 'https://api.mypurecloud.com',
 clientId: 'YOUR_CLIENT_ID',
 clientSecret: 'YOUR_CLIENT_SECRET',
 scopes: [
 'omnichannel:connection:view',
 'omnichannel:connection:write', // Critical for outbound initiation
 'routing:queue:view'
 ]
});

Furthermore, the from number in your JSON payload must be provisioned as a valid outbound trunk in the CXone architecture. If the number is not associated with an active voice account or lacks outbound dialing privileges, the API may return a 403 or a 400 depending on the validation layer. The documentation notes, “The originator identity must be a verified and active voice endpoint within the organization.” Check the provisioning status of +15550108888 in the Admin console under Voice > Phone Numbers. If the scope is correct and the number is active, inspect the response headers for specific policy violation codes.