Stuck on a problem and need help troubleshooting a recurring authentication failure when attempting to retrieve archived voice recordings via our SIP trunk integration for legal discovery purposes. We are using Genesys Cloud as our primary CPaaS platform, and we have a specific requirement to pull raw .wav files from the recording archive for cases requiring chain of custody verification. The issue arises when the external archival system initiates a SIP INVITE to fetch the recording metadata or stream, resulting in a 282 Authentication Required response from the Genesys Cloud SIP edge.
We have verified that the SIP trunk credentials are correct and the trunk status is active. The problem seems isolated to requests originating from our secure archival endpoint, which operates on a static IP range that is whitelisted in the Genesys Cloud firewall settings. Interestingly, manual playback of these same recordings through the Genesys Cloud UI works perfectly fine, suggesting the recordings are not corrupted or inaccessible due to retention policies.
Here are the environment details:
- Genesys Cloud Region: US East (Virginia)
- SIP Trunk Type: Outbound-only (configured for archival retrieval)
- Authentication Method: Digest Authentication with MD5
- SDK Version: Genesys Cloud Platform SDK v2.1.4 (Node.js)
- Error Log: 282 Authentication Required - WWW-Authenticate: Digest realm=“genesys.cloud”, nonce=“abc123…”
- Timestamp: 2023-10-25T14:30:00Z (London Time)
We have checked the audit logs and see that the SIP trunk is receiving the INVITE but rejecting the credentials. We suspect there might be a mismatch in the nonce handling or a timing issue with the digest authentication handshake. Has anyone encountered similar issues with SIP trunk authentication for archival purposes? We need to ensure the integrity of the chain of custody, so any workaround or fix is critical for our legal team. Appreciate any insights on how to debug the digest challenge-response mechanism in this context.