I’m completely stumped as to why the POST /api/v2/telephony/sip/trunks endpoint fails with a 403 Forbidden error when attempting to map Zendesk Voice provider credentials to a new Genesys Cloud SIP trunk configuration. The migration script is failing specifically during the authentication handshake phase.
We are currently migrating our support operations from Zendesk Sunshine Conversations to Genesys Cloud. The goal is to replicate the existing voice routing logic. In Zendesk, voice interactions were handled via a third-party provider with simple API keys. In Genesys Cloud, we need to set up a dedicated SIP trunk for inbound and outbound calls to maintain continuity.
The payload structure looks correct based on the documentation, but the server rejects the request immediately. Here is the error response we are receiving:
{
"errors": [
{
"code": "forbidden",
"message": "User does not have permission to create SIP trunks. Required capability: telephony:sip-trunk:write"
}
]
}
The user account used for the migration has the admin:telephony:write capability, which I assumed would cover SIP trunk creation. However, it seems that specific capability is missing. Is there a separate role or capability required for SIP trunk configuration in Genesys Cloud?
In Zendesk, voice settings were part of the general admin panel. In Genesys Cloud, the permissions seem much more granular. We need to understand the exact capability mapping to proceed. Any practical migration advice on how to structure the admin roles for voice configurations would be greatly appreciated. We are trying to avoid manual intervention for each trunk setup.