Getting 403 Forbidden when calling /api/v2/routing/queues - which OAuth scope is needed

GET /api/v2/routing/queues
Authorization: Bearer

Returns 403 Forbidden. The service account’s got routing:queue:read attached, but the pipeline’s still bombing out during the Terraform plan refresh. Token payload looks fine, so it’s probably a missing dependency scope or state lock issue. Need the exact scope string to fix the runner auth.