Field Notes

Genesys Cloud Release Notes — May 25, 2026

Big week for routing architects. Also a deadline week for anyone still running OAuth Implicit Grant clients. Here's what I think matters.

TL;DR

  • ACD skill expression filters let you attach a logical skill expression to a single interaction, evaluated at assignment time, instead of spinning up yet another queue.
  • Email header fields are now readable in the API, Architect, and Scripter. Header-based routing is finally possible.
  • The Token Implicit Grant is deprecated. New OAuth clients can't use it as of this release, and existing clients stop working on May 24, 2027. Start moving to Authorization Code with PKCE now.
  • Email alert notifications now show queue and agent names, not just IDs. Small change, real quality-of-life win.

Routing

Support for ACD skill expression filters. Until now, "this interaction needs Spanish at proficiency 4 AND the billing skill" usually meant a dedicated queue, or skill combinations that bloat your routing design. Skill expression filters fix that. You define a logical expression combining ACD skills, language skills, and proficiency levels, and you apply it to an individual interaction. The system evaluates it when it picks an agent, and you can set or update it from Architect flows or the public API, even while the interaction is already sitting in queue.

Two details matter here. It works with predictive routing (GPR) as well as standard routing, so GPR shops aren't left out. And the filter lives at the interaction level, so queue configuration stays untouched and you can pilot it on a slice of traffic without reworking anything. If your org carries dozens of near-duplicate queues that exist only to encode skill combinations, this is the consolidation tool. Overdue, in my view.

Email

Access to email header fields. Genesys Cloud now surfaces standard and custom email headers where you can use them: Architect gets a Get Email Headers action, Scripter can reference header data, and the API exposes the fields directly. So you can route on a ticketing system's correlation header, or detect auto-reply and loop-prevention headers before they reach an agent. If you integrate email with external systems, this closes a long-standing gap. Header context used to be stripped away before your flow could see it, and that was a pain. About time.

Analytics and Reporting

Email alerts now include queue and agent names. Alert emails used to identify queues and agents by GUID only, which meant logging in (or keeping a lookup table handy) just to know what fired. Notifications now carry the queue or agent name alongside the ID, depending on alert type. Trivial on paper, annoying in practice, and now fixed.

Deprecations

Token Implicit Grant for OAuth clients. Put this one on your calendar. Genesys announced the deprecation on March 2, 2026, and as of this release you can't create new OAuth clients using the Implicit Grant (Browser) type. Existing clients keep working through a one-year window, with full removal on May 24, 2027. That includes Embeddable Framework applications, which historically leaned on Implicit Grant for browser-based login.

The replacement is the Authorization Code grant with PKCE, which Genesys Cloud already supports, including in embedded clients as of this same release cycle. PKCE keeps tokens out of URL fragments and blocks authorization-code interception. The OAuth 2.0 security best practices deprecated the implicit flow industry-wide for exactly those reasons, so none of this should surprise anyone.

What this means for your contact center

The skill expression filter is the strategic item. Queue sprawl is endemic in mature Genesys Cloud orgs: dozens of queues whose only job is to encode "skill A plus skill B at level X." Interaction-level expressions let you collapse those into fewer queues with dynamic filtering, which simplifies reporting and agent membership management. But do a deliberate design review instead of adopting this ad hoc. Decide where expressions replace queues and where queues still earn their keep, like distinct SLAs or separate reporting lines.

The OAuth deprecation is the urgent item. A year sounds generous. It isn't. Inventorying every integration and embedded client that authenticates with Implicit Grant takes longer than you'd expect, especially the ones built by vendors or contractors who are long gone. Anything you miss stops authenticating in May 2027, and that failure looks like agents suddenly locked out of an embedded CRM client.

Email headers are the quiet win. If you've built workarounds like subject-line tokens or SMTP relays that copy headers into the body, you can retire them now.

What to check

  • List every OAuth client in Admin > Integrations > OAuth and flag anything using Implicit Grant. Build the PKCE migration plan well before May 24, 2027.
  • Test PKCE-based login in a sandbox if you use the Embeddable Framework, since embedded clients now support it.
  • Go through your queue estate for queues that only exist to encode skill combinations, and pilot expression filters on one interaction type first.
  • Confirm how expression filters interact with your predictive routing benefit measurement if you're on GPR.
  • Look at email flows for header-based routing. Auto-reply detection and external-system correlation are the quick wins.
  • Update any alert-handling runbooks or mail rules that parse notification emails, since the content now includes names alongside IDs.

Full details are in the official Genesys Cloud release notes for May 25, 2026. Questions about how any of this hits your deployment? Email me. I read these notes closely so you don't have to.

Let's make your contact center just work.

Tell me what you're wrestling with. You'll get a straight answer from the person who'd actually do the work. No sales call in disguise.

Email me today

contact@gibsontechnologypartners.com