BYO SIP Trunk, error 403 Forbidden
# supportz
Zaji
04/03/2025, 7:08 AMHi,
I can't find out why i get a 403 Forbidden when i try to do an INBOUND call
Outbound Call is working.
Is there something specific inside the SIP Header to add ?
Digest Auth ? Basic Auth ?
How can you help me to resolve and allow inbound calls ?
v
Vapi Support Bot
04/03/2025, 7:10 AMHi there! 👋 I understand you're experiencing a 403 Forbidden error with inbound calls on your BYO SIP Trunk, while outbound calls are working fine.
While I can't diagnose your specific issue without more details about your setup, I can definitely help with common causes and troubleshooting steps for this exact problem.
Here are some potential causes and solutions for your 403 Forbidden error:
### Destination Configuration
Make sure you're sending inbound requests to sip.vapi.ai and not directly to IP addresses. According to [our documentation](https://discord.com/channels/1211482211119796234/1211483291191083018/threads/1329037681908383794), all requests to direct IP addresses are blocked.
### Authentication Issues
If your PBX trunk requires authentication:
- Ensure your credentials are correctly configured in your API call when creating the SIP trunk configuration
- You may need to include username/password in the Authorization header
- If using SIP-URI for authentication, ensure the username matches your SIP URI (e.g., if your SIP URI is sip:1111212@sip.vapi.ai, use 1111212 as the username) as mentioned in [our troubleshooting guide](https://discord.com/channels/1211482211119796234/1211483291191083018/threads/1329143416386355270)
### Network Configuration
- Check if your firewall is properly configured to allow SIP traffic
- SIP ALG (Application Layer Gateway) settings might be interfering with SIP messages
- Verify ports are open (typically 5060 for non-encrypted traffic)
### SIP System Requirements
Your SIP system might require specific headers or settings. According to [our support documentation](https://discord.com/channels/1211482211119796234/1211483291191083018/threads/1334919245468799007), verify with your SIP system administrator if there are any specific requirements for:
- Expected headers
- Authentication methods
- Supported SIP methods
### Regarding Digest Auth vs Basic Auth
For Digest Authentication:
Vapi Support Bot
04/03/2025, 7:10 AM- When you send an initial INVITE without credentials, the server responds with a 401 Unauthorized and a nonce value
- You then need to resend the INVITE with proper Authorization header including username, realm, nonce, uri, and a computed MD5 hash
For Basic Authentication:
- This involves using a username and password during call setup
The specific authentication method required depends on your SIP provider's configuration.
Is there any additional information you can share about your setup that might help me provide more specific guidance?
Sources:
- [Discord conversation about inbound requests destination](https://discord.com/channels/1211482211119796234/1211483291191083018/threads/1329037681908383794)
- [Troubleshooting guide for SIP authentication](https://discord.com/channels/1211482211119796234/1211483291191083018/threads/1329143416386355270)
- [Support documentation on SIP system requirements](https://discord.com/channels/1211482211119796234/1211483291191083018/threads/1334919245468799007)
- [Documentation on authentication methods](https://discord.com/channels/1211482211119796234/1211483291191083018/threads/1334238882660618250)
z
Zaji
04/03/2025, 9:22 AMWhat kind of username need to be inside the Header, i can't seems to find out in the documentation
s
Sarthak
04/06/2025, 9:15 AMchecking if this is resolved/solved for you?
s
sarimfaheem
04/17/2025, 4:29 PMUn luck on solution of this issue?
s
Sarthak
04/19/2025, 8:37 PMHey there is some issue from our end and we are working on it.