Could someone explain why our BYOC edge is rejecting SIP registration requests with a 407 Proxy Authentication Required response, even though the credentials appear correct in the Genesys Cloud UI?
We are deploying a custom telephony integration via AppFoundry that relies on bringing our own carrier connections. The architecture involves a custom SIP proxy running on AWS EKS handling the leg to the carrier, which then connects to the Genesys Cloud BYOC edge. The edge is configured with v2.1 of the BYOC connector.
The issue manifests specifically during the initial registration phase. When the SIP REGISTER request hits the BYOC endpoint, the server immediately responds with 407 Proxy Authentication Required. We have verified the following:
- The SIP trunk configuration in Genesys Cloud has the correct username and password set under the ‘Authentication’ tab.
- The BYOC edge logs show the incoming REGISTER packet is being received successfully, indicating network path is clear.
- We have disabled ‘Require Authentication’ on the carrier side to rule out upstream issues, but the 407 persists from the Genesys side.
- The timestamp in the SIP headers matches the system time on the edge, so clock skew is not a factor.
We suspect this might be related to how the Authorization header is being constructed or parsed by the BYOC edge when dealing with multi-tenant OAuth contexts. Our service account has full Telephony Admin permissions. We have tried regenerating the trunk credentials, but the behavior remains identical.
Has anyone encountered similar issues with custom SIP proxies sitting between the carrier and the BYOC edge? Are there specific header requirements or digest challenge responses that differ from standard SIP implementations? We are currently blocked on this integration and need to understand if this is a configuration error on our side or a limitation in the v2.1 connector regarding custom authentication flows.