Stuck on a persistent 401 Unauthorized error when trying to initialize the WebRTC softphone for agents migrating from Zendesk Talk. We are in the middle of a cutover and the digital channels are live, but voice is failing.
- Environment: Genesys Cloud EU-West
- SDK: @genesys/cloud-architect-web-sdk v2.4.1
- Browser: Chrome 120.0.6099.130 (Windows 11)
- Source: Zendesk Talk (PSTN integration)
- Config: BYOC Edge enabled, STUN/TURN servers verified
The issue occurs immediately after the agent clicks ‘Connect’ in our custom portal. The backend logs show the JWT is valid and the user is authenticated in Genesys Cloud. However, the browser console throws a 401 when attempting to establish the WebSocket connection to the signaling server.
In Zendesk, the connection was stateless and handled entirely by their infrastructure. We assumed Genesys Cloud would behave similarly for the initial handshake. The error payload is minimal:
{ "code": "unauthorized", "message": "Invalid or expired token for media service" }
We have verified the access token expiration is set to 86400 seconds. The token is refreshed via the standard refresh flow before use. Yet, the media service seems to reject it. Is there a specific scope missing in the token generation that Zendesk did not require? In Zendesk, we only needed the agent ID. In Genesys, are we missing a ‘webphone’ or ‘media’ scope?
We tried regenerating the API keys and recreating the integration, but the result is identical. The Architect flow for routing is not even being hit because the softphone never connects. This is blocking our voice migration phase. Any insight into the specific permissions required for the WebRTC signaling handshake compared to the legacy Zendesk setup would be appreciated. We want to ensure our token generation logic matches Genesys expectations exactly.