refactoring our Terraform provider logic to handle dynamic queue discovery before provisioning new routing rules. The goal is to fetch the existing queue IDs to avoid duplicate resource conflicts during the apply phase.
The issue is that the GET request to /api/v2/routing/queues is returning a 403 Forbidden status. I have verified the OAuth client configuration multiple times. The client definitely has the routing:queue:view scope assigned. I even added routing:queue:edit just to be sure, but the result remains the same.
Here is the cURL command I am using for the test:
curl -X GET "https://api.mypurecloud.com/api/v2/routing/queues" \
  -H "Authorization: Bearer <valid_token>" \
  -H "Accept: application/json"
The response body is minimal:
{
  "errors": [
    {
      "code": "forbidden",
      "message": "Forbidden"
    }
  ]
}
I checked the token payload using a JWT decoder. The scope claim contains routing:queue:view routing:queue:edit openid email profile. The token is not expired. I tried regenerating the access token and using a different client ID that has admin privileges, yet I still get the 403.
Is there a hidden scope requirement for this endpoint that is not documented? Or perhaps a role-based permission on the user associated with the service account that is blocking the API call regardless of the OAuth scopes? I am stuck on this drift detection logic.
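An added example, not part of the original post: a local check of the two token properties the post verifies (the scope claim and expiry), so the bearer token never has to be pasted into a third-party decoder. The sample token is constructed and unsigned, the function names are hypothetical, and the signature is deliberately not verified.

```python
import base64
import json
import time
from typing import Optional


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT (signature NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    return json.loads(_b64url_decode(parts[1]))


def triage(token: str, required: set, now: Optional[float] = None) -> dict:
    """Report expiry and any required scopes absent from the scope claim."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    scope = claims.get("scope", "")
    # The scope claim is usually a space-delimited string; tolerate a list too.
    granted = set(scope.split()) if isinstance(scope, str) else set(scope)
    exp = claims.get("exp")
    return {
        "expired": exp is not None and now >= exp,
        "missing_scopes": sorted(required - granted),
        "granted_scopes": sorted(granted),
    }


def make_sample_token(claims: dict) -> str:
    # Builds a constructed, unsigned token for the demo only.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed sample: scope string copied from the post, exp value is made up.
SAMPLE = make_sample_token(
    {"scope": "routing:queue:view routing:queue:edit openid email profile",
     "exp": 2000000000}
)

if __name__ == "__main__":
    print(triage(SAMPLE, {"routing:queue:view"}, now=1700000000))
```

An empty `missing_scopes` list together with `expired: False` matches what the post reports, which means the 403 is not explained by either of those two token properties.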