We’ve got a backend service that needs to kill off stale Web Messaging sessions automatically. The standard client-side closeSession works fine, but we need to do this server-side via the API.
I’m hitting POST /api/v2/webmessaging/sessions/{sessionId}/close with a valid OAuth token generated by our service account. The docs say this should work, but I keep getting a 403 Forbidden response. The JSON payload is just {} since the endpoint doesn’t seem to require a body.
Here’s the cURL equivalent:
curl -X POST "https://api.mypurecloud.com/api/v2/webmessaging/sessions/abc-123/close" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{}'
The token has webmessaging:read and webmessaging:write scopes. I verified the session ID exists and is in an active state by calling the GET endpoint first. That works. It’s just the close action that fails.
Is there a specific scope I’m missing? Or maybe the service account needs a role assignment I haven’t checked yet? I’ve tried adding webmessaging:manage but that didn’t change anything.
Anyone else hit this wall?