just noticed that our premium app integration is throwing a 403 forbidden error when the data action tries to push interaction metadata to our external crm via the platform api. we are using the standard oauth 2.0 client credentials grant flow for the integration, and the token is definitely valid since other read-only endpoints work fine. the specific endpoint failing is /api/v2/analytics/icapoint/realtime but wait no that is not right. the endpoint is our partner api url but it is being called from within a genesys cloud data action step in architect. the error response body says “access denied: insufficient scopes”. we have granted all the standard analytics scopes including analytics:call:read and analytics:interaction:write to the oauth client. the app is listed in the app foundry as published and approved for the customer org. we are running genesys cloud version 24.3.0. the data action is configured to use the platform api token passed from the flow context, which should have the same scopes as the integration token used to authenticate the initial flow. we have checked the token payload using jwt.io and it contains the expected scopes. the external api is returning a 200 ok when we test it with postman using the same token. this suggests the issue is not with the external api itself but with how genesys cloud is proxying the request or validating the scopes for the data action step. we have also tried recreating the oauth client and re-authorizing the app in the customer org but the issue persists. is there a specific scope required for data actions to make outbound http requests to partner apis that is not documented in the standard api reference? we are seeing this behavior across multiple customer orgs which makes us think it is a configuration issue on our end or a recent change in the platform api behavior. any insights or workarounds would be appreciated. we need to get this fixed before our next release cycle. thanks.