POST /api/v2/data/actions/{id}/execute
Status: 403 Forbidden
Response Body:
{
“message”: “Access denied. The requested resource is not available.”,
“status_code”: 403,
“trace_id”: “abc-123-def-456”
}
The integration is built on AppFoundry and utilizes a multi-org OAuth flow. The token retrieval process completes successfully, returning a valid access token with the admin:interaction and admin:data scopes. When testing the same Data Action via Postman using a direct admin API key, the execution succeeds immediately with a 200 OK response. However, when the request originates from the AppFoundry application context, the 403 error persists consistently.
The Data Action is configured to write to a custom object via the Platform API. The object permissions are set to allow read/write for the group associated with the service account. The service account itself has the necessary role assignments. The issue appears specific to the delegation model within the multi-org setup. The x-genesys-org-id header is correctly populated with the target sub-organization ID.
Logging indicates that the token validation passes the initial check, but the subsequent authorization layer rejects the request. This suggests a mismatch between the token’s audience claim and the expected resource scope for Data Actions in a multi-org environment. The application is deployed in the US-East region, and the API version is current.
Has anyone encountered a similar scope resolution failure when executing Data Actions through an AppFoundry integration in a multi-tenant structure? The standard troubleshooting steps for token expiration and role assignment have been verified and confirmed correct. What specific scope or permission configuration is required for a multi-org OAuth token to successfully execute a Data Action that writes to a custom object, given that direct API key authentication works without issue?