Looking for advice on handling a specific 403 Forbidden error when attempting to register SIP trunks via the Platform API within our AppFoundry integration. The issue occurs intermittently during the OAuth token refresh cycle for our multi-tenant Premium App.
The environment consists of three distinct Genesys Cloud organizations, each with its own set of SIP trunks managed by our integration. We are using the standard POST /api/v2/telephony/phone-features/sip-trunks/{sipTrunkId}/registrations endpoint to trigger re-registration after a configuration update.
The payload being sent is standard, but the response indicates a permissions mismatch despite the OAuth token being valid for the target organization. The error response body is as follows:
{
"message": "Access denied. The provided token does not have sufficient permissions to manage SIP trunks in this organization.",
"code": "forbidden",
"status": 403
}
We have verified that the OAuth client has the telephony:sip-trunk:write scope enabled for all three organizations. The token refresh logic appears correct, as other API calls succeed immediately before this failure. The issue seems to correlate with the timing of the token refresh relative to the API call execution.
Has anyone encountered similar permission issues with SIP trunk management in a multi-org AppFoundry context? Any insights into the token validation sequence or scope propagation delays would be appreciated. We are currently investigating if this is a caching issue on the Genesys Cloud side or a flaw in our token refresh implementation.