We are trying to kick off a cobrowse session programmatically from our backend service. The goal is to start a session when a specific trigger happens in our CRM, then inject the session token into the customer’s browser via a webhook. We’re using the Genesys Cloud REST API endpoint POST /api/v2/conversations/cobrowse.
Here is the request payload we are sending:
{
"type": "cobrowse",
"from": {
"id": "agent-user-id-123"
},
"to": [
{
"id": "customer-user-id-456",
"type": "user"
}
],
"wrapupCode": null
}
The API returns a 403 Forbidden with the message: User does not have permission to perform this action.
We’ve verified the following:
- The OAuth token is generated using a service account that has the
cobrowse:adminandcobrowse:agentscopes. - The
fromuser (agent) exists and is active. - The
touser (customer) is also active.
We checked the user roles in the admin UI. The agent has the “Agent” role and the service account has “Custom” role with the necessary permissions added. We also tried adding the cobrowse:manage permission to the service account, but it didn’t help.
Is there a specific permission missing? Or is the API endpoint different for initiating a session vs managing one? We want to avoid using the Web SDK for this specific flow because we need to handle the session logic server-side before pushing the token to the client.
Any insights on what we might be missing in the permissions or the request structure would be appreciated. We are stuck on this for two days now. The documentation isn’t very clear on the exact permissions required for the initiating user vs the service account making the call.