Trying to drop a specific leg from a conference via the PATCH endpoint. Sending a simple JSON payload with the participantId and action set to disconnect, but hitting a 403 Forbidden. Permissions look fine since I can read the conference details, so not sure what’s blocking the update.
You’re likely hitting the scope gap. Reading conference details only needs conversation:view, but modifying participants requires conversation:write. The 403 isn’t usually a permissions config error on the user side, it’s almost always the OAuth token lacking the write scope.
Check your token scopes. If you’re using a service account or an embedded client, make sure conversation:write is explicitly granted.
Also, the payload structure for participant actions can be tricky if you’re not using the SDK. Here’s the exact JSON shape that works for disconnecting a leg:
{
"participants": [
{
"participantId": "the-uuid-of-the-leg-to-drop",
"action": "disconnect"
}
]
}
If you’re doing this from the Embeddable Client App SDK, you don’t really need to call the API directly. You can use the platformClient to handle the conference state. It’s cleaner and handles the scope negotiation for you.
const { platformClient } = require('@genesyscloud/genesyscloud');
// Assuming you have an authenticated platformClient instance
const updateConference = async (conferenceId, participantId) => {
try {
const response = await platformClient.ConversationsApi.patchConversationConferenceParticipants(
conferenceId,
{
participants: [
{
participantId: participantId,
action: 'disconnect'
}
]
}
);
console.log('Participant disconnected:', response.data);
} catch (error) {
console.error('Failed to disconnect participant:', error);
// Check if error is 403 and inspect scopes if so
}
};
If you’re still getting 403s with conversation:write attached, check if the user has the Manage conversations role. Some orgs restrict conference manipulation to supervisors. It’s a common gotcha when setting up custom desktop apps.