Trying to build a custom web chat interface using the Guest API to bypass the standard Messenger widget. We need full control over the UI for a specific client portal. I’ve got the initial POST /api/v2/conversations/messaging/guest working fine, returning the messagingSessionId and guestId.
The issue hits when I try to send the first message via POST /api/v2/conversations/messaging/external/message. I’m passing the session ID and guest ID in the header, plus the JSON payload. It returns a 403 Forbidden with "reason": "FORBIDDEN" and "message": "Forbidden".
Here’s the payload I’m sending:
{
"from": {
"id": "guest-123-abc",
"name": "Test User"
},
"to": {
"id": "my-bot-id",
"type": "bot"
},
"text": "Hello, I need help."
}
The OAuth token has messaging:guest and messaging:read scopes. Subsequent messages work if I retry immediately, but the first one always fails. Am I missing a handshake step or is the token scope wrong?