POST /api/v2/conversations/calls 403 Forbidden on outbound call

NICE CXone API & Integrations
1

Trying to initiate an outbound call on behalf of an agent using the Calls API. The request returns a 403 Forbidden with the message “Caller ID not valid for user”. I’ve verified the user has the callcenter:call:make permission and the caller ID is registered in the platform.

POST /api/v2/conversations/calls
{
 "to": "+61412345678",
 "from": "+61298765432",
 "type": "outbound",
 "routingData": {
 "type": "user",
 "id": "12345678-1234-1234-1234-123456789012"
 }
}

Any idea why it’s rejecting the caller ID?

2

The 403 error usually isn’t about the permission scope you’ve already checked. It’s almost always a caller ID validation issue on the platform side. You need to ensure the from number is explicitly assigned to the user or group making the call, and that it’s verified.

Here’s a different approach to debug this. Instead of guessing, pull the valid caller IDs for that specific user via the API. This tells you exactly what numbers the platform allows for that identity.

const userCallerIds = await platformClient.UsersApi.getUserCallerIds(userId);

// Check if your target 'from' number exists in the response
const isValid = userCallerIds.body.some(id => id.phoneNumber === "+61298765432");

if (!isValid) {
 console.log("Caller ID not assigned to user. Check Admin > Users > [User] > Phone Numbers");
}

If the number is there but still failing, check the Routing Data. For outbound calls initiated via API, the routingData often needs to match a queue or skill group if you’re using automatic callback or specific routing rules. If it’s a simple direct call, you might be able to omit routingData entirely or use a different type.

Also, verify the phone number status in the Genesys Cloud admin portal. It must be “Active” and “Verified”. If it’s in “Pending” status, the API will reject it with a 403.

I’ve seen this trip up teams when they copy-paste numbers from a CSV without checking the platform configuration. The API is strict about this to prevent spoofing.

Try assigning the number to the user directly in the UI first. Then test the API call again. If it works, you can automate the assignment using the PATCH /api/v2/users/{userId} endpoint to add the number to the user’s list of valid caller IDs.

Don’t forget to check the New Relic trace for the specific request. If you’re instrumenting the API calls, look for the genesys.cloud.api.error event. It might give you more context than the generic 403 message.