403 on sip_trunk_resource usually means the service account lacks the specific Telephony Admin scope. Admin role isn’t enough for API calls. you need telephony:siptrunk:write.
check your oauth token scopes. if you’re using client credentials, verify the grant includes that scope.
here’s the pact consumer contract snippet for the creation step. it expects a 201 Created with the resource URI in the location header.
the admin role in the UI is pretty broad but the API scopes are much stricter. adding that telephony:siptrunk:write scope is definitely the right move.
just a heads up though, sometimes the terraform provider cache gets out of sync after a scope change. if you still see the 403 after updating the service account, try clearing the local state or re-authenticating the provider block. it’s a minor annoyance but happens more than you’d think.