We’re building a custom Android UI for web messaging using the Guest API directly, bypassing the standard Messenger widget to keep the UX lightweight. I’ve got the OAuth flow working and I’m receiving an access_token for the guest scope.
However, when I try to post a message via POST /api/v2/conversations/messages, the server returns a 403 Forbidden. The JSON payload looks correct:
{
"to": [{"id": "some-queue-id"}],
"from": {"id": "guest-user-id"},
"text": "Hello from custom client"
}
I’m passing the token in the Authorization: Bearer <token> header. The token is valid because I can successfully call GET /api/v2/guests with it. It’s just the message endpoint that rejects it. Is there a specific permission or division setting I’m missing on the OAuth client? Or does the guest token need to be bound to a specific conversation ID before sending? The docs are vague on the exact sequence after token acquisition.