Can anyone clarify the specific OAuth scope requirements for accessing screen recording metadata via the Platform API within a multi-tenant AppFoundry integration? We are encountering a consistent 403 Forbidden response when attempting to retrieve recording details for sessions initiated through our custom web SDK wrapper. The integration uses standard delegated authentication with scopes including recording:view and interaction:view, yet the API gateway rejects the request for specific tenant orgs while succeeding for others under identical configuration. The error payload indicates a missing permission for recording:download, which is puzzling given that our initial deployment scripts explicitly grant this scope during the OAuth handshake. We have verified the token validity and expiration times, confirming they are well within the acceptable window. The issue appears isolated to tenants utilizing the newer screen recording engine updates, suggesting a potential mismatch between our cached permission sets and the evolving API contract for recording metadata retrieval.
The problem manifests specifically when querying the /api/v2/recordings/{recordingId} endpoint shortly after session termination. Our backend service logs show the request payload is correctly formatted with the appropriate authorization header, but the response body returns a clear permission denial. We are operating in the Pacific timezone, and the failures occur consistently across different time windows, ruling out any maintenance-related downtime. The AppFoundry application is published and approved, with no recent changes to the manifest or scope definitions. We have attempted to refresh the OAuth tokens and re-authorize the affected tenants, but the 403 status persists. This is blocking our ability to provide unified playback features for clients relying on our integration for quality assurance workflows. Any insights into whether the screen recording API requires additional implicit permissions or if there is a known issue with scope propagation for newly provisioned tenants would be greatly appreciated. We are currently stuck on version 2.0.1 of the recording client library.