Hi all,
We are currently debugging an integration issue within our multi-org Genesys Cloud deployment. Our AppFoundry application aggregates performance metrics across several child tenants for a unified reporting dashboard. The integration functions correctly for single-tenant queries using the standard OAuth2 client credentials flow.
However, when attempting to query the Data Warehouse API (/api/v2/analytics/data-warehouse/query) with a request body that includes tenant_ids from multiple child organizations under a single parent org, we consistently receive a 403 Forbidden response. The error payload indicates "message": "Access denied. Insufficient permissions to query cross-tenant data.".
We have verified the following:
- The OAuth token is generated using a service account with the
administrator:analyticsandadministrator:reportsscopes. - The service account is assigned the
Adminrole in both the parent and child tenants. - The query JSON structure matches the schema defined in the API documentation, specifically using the
group_byandmetricsfields correctly.
Interestingly, if we restrict the tenant_ids array to a single child tenant, the query succeeds and returns the expected JSON data. This suggests the issue is not with the basic authentication or the query syntax, but rather with the specific permission model for cross-tenant aggregation in the Analytics API.
Has anyone encountered similar restrictions when building multi-org reporting tools? Are there specific enterprise licenses or additional API permissions required to enable cross-tenant data warehouse queries, or is this a known limitation of the current API version (v2) that requires a workaround using individual tenant queries?