Pushed the new CRM sync data action to client prod org using genesys-cloud-sdk-js@3.94.2. The /api/v2/integration/dataactions/{dataActionId}/execute endpoint doing jack all. It’s rejecting the POST with a 401 Unauthorized right after the OAuth access token hits the 3600-second mark. Console spits out {“errors”:[{“code”:“unauthorized”,“message”:“Invalid access token”}]}. The refresh token rotation seems fine. Backend logs show the new token getting swapped successfully before the next batch runs.
Architect flow is just a simple trigger calling the data action with a static payload. You won’t find any dynamic variables messing with the headers. Tested the same flow in dev org yesterday and it pumped through 500 records without a hiccup. Now prod is choking on the second batch every single time.
AppFoundry deployment manifest looks clean. Scopes include integration:dataaction:execute and oauth:client:read. Multi-org setup means the app switches contexts based on the incoming org header. Token endpoint returns a fresh JWT, but the execution call drops immediately. Rate limit headers aren’t even showing up in the response, so it’s definitely an auth handshake breaking.
Checked the IAM audit logs. Nothing there except the initial token grant. The data action definition itself is marked as PREMIUM and approved in the console. Maybe the refresh flow isn’t carrying over the org context properly. Or the SDK is caching the old token somewhere in the fetch layer. Disabled the token cache in the client config, but it still throws the same error. Network tab just shows the 401 dropping right after the refresh completes.