We’re building a Node.js service to handle session cleanup and need to programmatically close a Web Messaging conversation. I’m trying to call DELETE /api/v2/conversations/webmessaging/{conversationId} with a valid bearer token, but I keep getting a 403 Forbidden. The token works fine for reading conversation details. Is there a specific scope I’m missing or is this endpoint restricted?
You’re hitting a 403 because you’re likely using a user token with insufficient permissions, or an app token that’s missing the conversation:webmessaging:write scope. The DELETE endpoint isn’t just about having any valid token; it needs explicit write access to web messaging conversations.
Check your OAuth scopes. If you’re using a user-to-user flow, ensure the user has the Web Messaging Admin role or at least Agent with web messaging enabled. If you’re using client credentials (app-to-app), make sure your app’s authorization policy includes conversation:webmessaging:write.
Here’s how to verify your token’s scopes quickly using curl:
curl -X GET "https://api.mypurecloud.com/api/v2/oauth/tokens/self/scopes" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Look for conversation:webmessaging:write in the returned JSON. If it’s missing, that’s your blocker.
Also, double-check that the conversation is actually in a state that allows closure. You can’t delete a conversation that’s currently active in a way that violates retention policies or is still being processed by a flow. Try fetching the conversation details first to confirm its state is closed or abandoned. If it’s active, you might need to end the session from the client side first, or use the POST /api/v2/conversations/webmessaging/{conversationId}/participants/{participantId}/end endpoint to formally end the participant’s session before attempting deletion.
One thing to watch out for: sometimes the API returns a 403 if the conversation ID is malformed or doesn’t exist, but the error message is misleading. Verify the ID format. It should look like a standard UUID.
If you’ve got the right scopes and the conversation is in a deletable state, the DELETE call should work. If not, check the event logs for any retry patterns or dead-letter queue entries that might indicate a deeper delivery issue.