We are trying to automate the closure of Web Messaging sessions from our backend service. The workflow is straightforward. An agent handles the chat in Genesys Cloud. Once the agent ends the interaction, our system receives a webhook. We then need to close the session on the guest side so the widget doesn’t stay open or show stale data.
The Guest API documentation mentions a POST /api/v2/guest/web-messaging/conversations/{conversationId}/close endpoint. We have the conversation ID from the webhook payload. We also have the guest token generated at the start of the session.
Here is the request we are sending:
POST /api/v2/guest/web-messaging/conversations/conv-12345/close
Authorization: Bearer <guest_token>
Content-Type: application/json
{}
The response is consistently a 403 Forbidden. The error body is minimal:
{
"message": "Not authorized",
"errors": [
"Not authorized"
]
}
We verified the guest token is still valid by calling GET /api/v2/guest/web-messaging/conversations. That returns the conversation details successfully. The token has the correct scope for web messaging.
We are using a standard OAuth 2.0 client credentials flow to get the guest token initially. The token expires in an hour, but these sessions usually last less than 5 minutes. So expiration is not the issue here.
Is there a specific permission required on the OAuth client for this endpoint? Or is the guest token not allowed to modify the conversation state directly? We tried using our service account access token instead, but that gives a 404 Not Found for the conversation ID. That suggests the guest token is the right path but something is missing.
We are running this in a Node.js environment. The HTTP client is Axios. No special headers are being stripped. The conversation ID matches exactly what is in the URL.
Any ideas on what might be blocking this request? We need a reliable way to close the session programmatically.