Just noticed that my attempts to programmatically assign a wrap-up code after a web messaging interaction ends are failing with a 403 Forbidden. The error payload is pretty clear about permissions but I’ve verified the OAuth scope includes conversation:write.
Here’s the POST request I’m sending to /api/v2/conversations/interactions/{interactionId}/wrapup:
{
"wrapUpCode": {
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
},
"wrapUpReason": "Case Resolved"
}
The response body:
{
"errors": [
{
"parameter": "",
"code": "FORBIDDEN",
"message": "You do not have permission to perform this action."
}
]
}
I’m using the Python SDK (platformclientv2). The flow is: user closes chat → backend receives EventBridge event → backend calls API to set wrap-up. The user token used for the initial conversation has the correct permissions, but I’m testing with a service account token that has conversation:write and analytics:read.
Wait, actually, I just checked the docs again. Is it possible that conversation:write isn’t enough for wrap-up codes specifically? Or do I need conversation:wrapup? I haven’t seen that scope listed explicitly in the main OAuth docs.
Also, the interaction ID is definitely correct. I can GET the interaction details without issue. It’s only the wrap-up endpoint that blocks me.
I’m in Sao Paulo, so maybe there’s some regional quirk with how permissions are cached? Seems unlikely.
Has anyone else hit this wall? I’ve tried adding conversation:read and user:read but no luck. The service account is assigned to a role that includes all Conversation permissions.
Thanks for any insights.