POST /api/v2/flows/executions returns 403 despite valid OAuth token

We are building an external trigger for our custom agent desktop. The goal is to launch a specific Architect flow programmatically when a certain event happens in our side application. I have the OAuth token generated correctly using the client credentials flow. The token has the necessary scopes including flow:read and flow:write. I can verify this by successfully calling GET /api/v2/flows to list all available flows in the organization. The token is definitely active and valid.

However, when I attempt to start the flow execution, I get a 403 Forbidden error. The response body is empty, which makes debugging tricky. Here is the code snippet I am using in C# with the Genesys Cloud .NET SDK:

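using System;
using System.Collections.Generic;
using PureCloudPlatform.Client.V2.Api;
using PureCloudPlatform.Client.V2.Client;
using PureCloudPlatform.Client.V2.Model;

// Request body for POST /api/v2/flows/executions
var flowsApi = new FlowsApi();
var flowExecutionRequest = new FlowExecutionRequest
{
    FlowId = "my-flow-id-here",
    Parameters = new Dictionary<string, string>
    {
        { "agentId", "12345" },
        { "reason", "manual_trigger" }
    }
};

try
{
    var result = await flowsApi.PostFlowsExecutions(flowExecutionRequest);
    Console.WriteLine("Flow started: " + result.Id);
}
catch (ApiException ex)
{
    // The 403 surfaces here; ErrorCode carries the HTTP status
    Console.WriteLine("Error: " + ex.ErrorCode + " " + ex.Message);
}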

The error code is 403. I have checked the documentation and it says that the token needs flow:execute scope. I added that scope to the OAuth client in Genesys Cloud administration. I regenerated the token. The error persists.

I also tried making the HTTP request directly using HttpClient to rule out any SDK issues. The result is the same. 403 Forbidden. I am running this from a US/Pacific server environment. The flow exists and is enabled. I can start it manually from the Architect UI without any issues.

Is there a specific permission on the flow itself that needs to be granted? Or is there a role requirement for the service account that I am missing? The service account has the Flow Administrator role. I don’t see any other relevant roles.

Any ideas on what could be causing this? I have checked the audit logs and there is no entry for the failed execution attempt. It is as if the request is blocked before it even reaches the flow engine. This is frustrating because the token works for other endpoints. I need to get this working for our production deployment. The deadline is tight. I have been stuck on this for two days now. I have tried different flows. Same result. 403. I don’t know what else to check. The documentation is not clear about this specific scenario. I have searched the forums but found nothing similar. I am hoping someone has encountered this before. I need a solution fast. I don’t have time for trial and error. Please help.

I am ready to provide more logs if needed. Just let me know what you need. I am available until late Pacific time. I will check for updates soon. I hope someone can shed some light on this. It is a blocker for us. I am waiting for a response. I don’t want to give up on this approach. It seems like the right way to do it. I just need to figure out why it is failing. I am confident the code is correct. The issue must be permissions or configuration. I have checked both. I am missing something. I need to find it. I am looking at the API docs again. Maybe I missed a detail. I will keep trying. I will post back if I find anything.

I appreciate any help. I know this community is helpful. I have used it before. I expect good answers. I am ready to test suggestions. I have a test environment set up. I can make changes quickly. I just need direction. I am stuck. I need a push. Please help. I am waiting.