Node.js middleware dropping WebSocket frames on Guest API token validation

Rate limiting per guest ID is holding up, but the signature check bombs with a 401 Unauthorized on the second frame after hitting /api/v2/conversations/webmessaging/guests. Redis TTL sits at 300, and honestly, the rotation logic looks fine on paper.

  1. Generate token via Guest API
  2. Store encrypted session in Redis
  3. Validate signature on incoming frames
  4. Rotate keys every 15 minutes

The crypto.sign() output doesn’t match what Genesys expects, so the Node.js middleware isn’t catching the repeat requests before the encryption key rotation policy kicks in.