Realtime API SIP Calls Failing with 403 Forbidden

API
, ,
1

Issue Description

Our SIP integration with the OpenAI Realtime API suddenly stopped working. All outbound SIP calls to OpenAI’s endpoint are being rejected with SIP/2.0 403 Forbidden, even though HTTP/WebSocket authentication works perfectly.

What’s Working

  • :white_check_mark: Webhook verification succeeds

  • :white_check_mark: HTTP API calls to accept endpoints work correctly

  • :white_check_mark: WebSocket connections authenticate successfully

  • :white_check_mark: Project settings and billing are confirmed as normal

What’s Failing

  • :cross_mark: All SIP INVITE requests rejected with 403 Forbidden

  • :cross_mark: OpenAI leg fails to connect to conference

  • :cross_mark: Calls reach the user’s phone but no AI audio (silent call)

Current Status

100% failure rate on SIP calls over the past week

Troubleshooting Already Done

  • Generated new API key and deployed

  • Removed old API key

  • Verified FreeSWITCH gateway configuration is correct

  • Confirmed project has Realtime API access

  • Checked billing status (all normal)

Configuration

  • Using FreeSWITCH with TLS transport

  • SIP gateway configured with correct endpoint and project ID

  • Same setup that was working previously

Question

Has anyone else experienced SIP authentication failures recently? The fact that HTTP/WebSocket auth works but SIP doesn’t suggests this might be a service-side issue rather than our configuration.

Tags (if available):

  • realtime-api

  • sip

  • api-error

  • troubleshooting

2

I’m using Asterisk in a similar configuration. I tested it now, and it’s working.

3

Hey @smadzar,

Thanks for responding and confirming it’s working on your end. We discovered our 403 errors were actually due to a funky Contact header we were sending in the SIP INVITE—it looked like gw+openai-realtime@...;transport=tls;transport=tls. Once we cleaned that up so the INVITE was just sip:proj_<id>@sip.api.openai.com;transport=tls and added back the metadata headers OpenAI cares about (X-CallId, X-SessionId, X-CallAlias, X-App), the 403s disappeared. Nothing deeper than making sure the SIP envelope matches what OpenAI expects.

Hope this helps anyone else who runs into the same issue!

1 Like