Getting 403 Forbidden on /api/v2/routing/queues despite having routing:queue:view

NICE CXone API & Integrations
1

We’re building a custom agent desktop using the Genesys Cloud JavaScript SDK. The app needs to fetch queue details dynamically based on the agent’s current state. Everything was working fine in our dev environment, but after moving to production, we started hitting 403 Forbidden errors when trying to list queues.

Here’s the setup:

  • Using the @genesyscloud/purecloud-platform-client-v2 npm package
  • OAuth client is configured with offline grant type
  • The service account has the routing:queue:view scope attached
  • We’re using the routingApi.getRoutingQueues() method from the SDK

The code looks like this:

const { RoutingApi, PlatformClient } = require('@genesyscloud/purecloud-platform-client-v2');

const client = PlatformClient.createClient();
client.login({
 clientId: process.env.GENESYS_CLIENT_ID,
 clientSecret: process.env.GENESYS_CLIENT_SECRET,
 grantType: 'client_credentials'
}).then(() => {
 const routingApi = new RoutingApi(client);
 routingApi.getRoutingQueues({
 pageSize: 100
 }).then(response => {
 console.log('Queues:', response.body.entities);
 }).catch(err => {
 console.error('Error fetching queues:', err);
 });
});

The error response is:

{
 "message": "Access denied. You do not have permission to perform this action.",
 "statusCode": 403
}

We’ve verified that the OAuth token is valid and not expired. We can successfully call other endpoints like /api/v2/users/me and /api/v2/analytics/conversations/summary with the same token. The scope routing:queue:view is definitely attached to the client application in the Genesys Cloud admin console.

We’ve also tried:

  • Refreshing the OAuth token
  • Using a different service account with the same scopes
  • Calling the REST API directly instead of using the SDK

Nothing seems to work. The error message is pretty clear about permissions, but we’re not sure which scope we’re missing. The documentation isn’t super clear on this one.

What scope do we actually need to call /api/v2/routing/queues? Are there any other permissions we need to check? We’ve been stuck on this for a few days now. Any help would be appreciated.