TAS-106 Operation is not allowed.

Three questions for you:

1. Is that a direct call to a user extension or a call via a call queue?
2. Is the app authenticated by the user who supposes to answer the call?
3. What is the call status when you call that API?

This is my first time using the RingCentral API so my apologies if I don’t get the terminology quite right or if I misunderstand your questions.

1. I have a python script making a ring-out call between the phone number associated with my RingCentral developer sandbox and my personal cell.  I am not using a call queue.
2. I’m not sure about this question…. I have a webhook running on a google cloud run server that gets called when the ring-out call is answered.  The RingCentral app has Webhook Subscriptions as part of the application scope.  All authentication is done via JWT in both the ring-out script and the webhook code.
3. It looks as if the call status at the time the API is called is ‘Setup’ with the direction as ‘Inbound’.

Attached are is a log snippet from the cloud run server:

2025-05-01 15:06:10 INFO:webhook:==> Party direction: Inbound
2025-05-01 15:06:10 INFO:webhook:Answering inbound party p-a0d7bf1351de2z1968c623b07z2f4f8d20000-2 on session s-a0d7bf1351de2z1968c623b07z2f4f8d20000
2025-05-01 15:06:10 INFO:webhook:Body contents:
2025-05-01 15:06:10 {'sequence': 3, 'sessionId': '430161195014', 'telephonySessionId': 's-a0d7bf1351de2z1968c623b07z2f4f8d20000', 'serverId': '10.13.123.241.TAM', 'eventTime': '2025-05-01T15:06:10.078Z', 'parties': [{'accountId': '3241861015', 'id': 'p-a0d7bf1351de2z1968c623b07z2f4f8d20000-2', 'direction': 'Inbound', 'to': {'phoneNumber': '+1916933xxxx', 'name': 'Jeremy Taylor', 'extensionId': '3241861015'}, 'from': {'phoneNumber': '+1647880xxxx', 'name': 'TORONTO      ON'}, 'status': {'code': 'Setup', 'rcc': False}, 'park': {}, 'missedCall': False, 'standAlone': False, 'muted': False}], 'origin': {'type': 'Call'}}
2025-05-01 15:06:10 POST 200 https://ai-assistant-webhook-588448282994.northamerica-northeast1.run.app/webhook
2025-05-01 15:06:10 POST 200 https://ai-assistant-webhook-588448282994.northamerica-northeast1.run.app/webhook
2025-05-01 15:06:10 ERROR:webhook:Failed to answer party p-a0d7bf1351de2z1968c623b07z2f4f8d20000-2 on session s-a0d7bf1351de2z1968c623b07z2f4f8d20000:
2025-05-01 15:06:10  HTTP 403 {
2025-05-01 15:06:10    "errors" : [
2025-05-01 15:06:10       {
2025-05-01 15:06:10          "errorCode" : "TAS-106",
2025-05-01 15:06:10          "message" : "Operation is not allowed"
2025-05-01 15:06:10       }
2025-05-01 15:06:10    ]
2025-05-01 15:06:10 }
2025-05-01 15:06:10  (request details: Method: POST
2025-05-01 15:06:10 URL: https://platform.ringcentral.com/restapi/v1.0/account/~/telephony/sessions/s-a0d7bf1351de2z1968c623b07z2f4f8d20000/parties/p-a0d7bf1351de2z1968c623b07z2f4f8d20000-2/answer
2025-05-01 15:06:10 Headers: {'Content-Type': 'application/json', 'Authorization': 'bearer ...', 'User-Agent': 'Unnamed/0.0.0 linux/VERSION PYTHON/VERSION RCPYTHONSDK/VERSION', 'X-User-Agent': 'Unnamed/0.0.0 linux/VERSION PYTHON/VERSION RCPYTHONSDK/VERSION', 'Content-Length': '28'})

First of all, never post sensitive info (phone number, access token etc) in public forum.

1. It’s clear now that you are making a ring-out call. But you mentioned about your sandbox account number. This is unclear to me how you can use the sandbox as RingCentral stopped supporting sandbox for almost a year.
2. As a JWT is created for an extension, you can use that JWT to authenticate the app to control calls to/from that extension’s phone number.
3. You can answer a call at “Setup” stage but you can try at the “Proceeding” (Ringing) stage as well.