Just noticed that the GET /api/v2/analytics/reporting/users/summary endpoint returns 403 Forbidden when requesting custom metric aggregations via the v2.1 SDK in the APAC edge region. Standard metrics work fine, but adding metricIds for custom fields triggers the auth error immediately. Using valid OAuth tokens with analytics:read scope. Terraform state shows the metric is published and active.
Check your edge region alignment.
Just noticed that the GET /api/v2/analytics/reporting/users/summary endpoint returns 403 Forbidden when requesting custom metric aggregations via the v2.1 SDK in the APAC edge region.
Custom metrics often reside on a different data plane than standard analytics. Ensure the OAuth token is issued against the same edge hosting the custom metric data. Cross-region token validation frequently fails with 403.
This seems like a classic edge-region data plane mismatch rather than a simple scope issue. The suggestion above regarding token alignment is correct, but the implementation details often trip up multi-org deployments.
Cause:
Custom metrics are persisted in the specific edge region where they were created. If your OAuth token is generated against a different edge (e.g., US01 instead of APAC), the Platform API rejects the request with a 403 because the token lacks visibility into that specific data store. Standard metrics are globally replicated, which is why they succeed.
Solution:
Verify the edgeId in your token payload matches the APAC region identifier. In your Node.js configuration, explicitly set the region parameter to apac when initializing the client or requesting tokens.
const client = new PlatformClient({
region: 'apac', // Must match metric origin
clientId: process.env.GC_CLIENT_ID,
clientSecret: process.env.GC_CLIENT_SECRET
});
Ensure your AppFoundry app permissions are scoped to the specific organization hosting the custom metric. Cross-org access requires explicit delegation settings in the admin console.
Take a look at at the dashboard configuration settings rather than just the API endpoint. While the edge region alignment is a valid technical consideration, the 403 error often stems from the custom metric not being explicitly added to the user’s view permissions in the Performance Center. Ensure the metricIds match exactly with those defined in the genesyscloud_routing_queue configuration. If the metric is active in the backend but not visible in the UI for the service account making the request, the API will reject it. Verify that the OAuth token belongs to a user with analytics:read and that the specific custom metric is included in the allowed list for that role. This discrepancy between backend publication and frontend visibility is a common source of confusion. Double-check the metric definition in the flow builder to ensure it is not set to private visibility, which would restrict API access even for admins.