What’s the best way to terminate a Web Messaging session from my Node.js GraphQL gateway?
To end a conversation, send a DELETE request to /api/v2/conversations/webmessaging/{conversationId} with the conversations:write scope.
I am hitting 403 Forbidden despite having webmessaging:write. The SDK method deleteWebmessagingConversation throws the same error. The session remains active. Is there a hidden scope or a different endpoint for backend-initiated closure?
It depends, but generally… scope hierarchy is the culprit here. You likely have the wrong token type or insufficient permissions on the OAuth client.
- Check your OAuth client settings. Conversations:write is required, not just webmessaging scopes.
- Use the Fetch API directly to debug. SDKs often mask 403 details.
const res = await fetch(`/api/v2/conversations/webmessaging/${id}`, {
method: 'DELETE',
headers: { 'Authorization': `Bearer ${token}` }
});
console.log(res.status, await res.text());
If you still get 403, check the effective permissions of the service account. See KB-9921: Scope Resolution for Web Messaging.