Why does this config cause intermittent 403 Forbidden errors when invoking the /api/v2/analytics/reporting/definitions endpoint immediately after a new organization is added to our Partner App’s scope?
Our deployment utilizes a multi-tenant architecture where service accounts are provisioned dynamically across diverse Genesys Cloud environments. The integration relies on the platform_api specialization to fetch compliance metrics for our Premium App clients. We have verified that the wfm:reporting:read scope is correctly assigned during the initial OAuth handshake.
The issue manifests specifically when scaling to organizations in the US1 and EU1 regions. Logs indicate that while the token generation succeeds, subsequent API calls fail with a 403 status code for approximately 15 to 30 minutes. This latency disrupts our automated compliance reporting pipelines.
We suspect a caching layer or propagation delay in the entitlement service. Is there a documented TTL for scope updates, or should we implement a retry mechanism with exponential backoff to handle this eventual consistency?