POST /api/v2/conversations/calls 403 when initiating agent-assisted outbound

gc_zar · May 13, 2026, 3:01pm

What is the reason this setting causes a 403 Forbidden when calling POST /api/v2/conversations/calls with from set to an agent ID? The request includes a valid Bearer token and the correct to number, but the response indicates insufficient privileges. I have verified the application has the conversations:read and conversations:write scopes. The JSON payload matches the schema, yet the API rejects the call initiation.

Thank you.

gc_kane · May 13, 2026, 3:51pm

It depends, but generally… conversations:write alone is insufficient for outbound. You are hitting a 403 because the token lacks outbound:campaign:execute or outbound:contactlist:read. Genesys enforces strict scope separation for predictive versus manual calls.

Check your OAuth token claims. Add outbound:campaign:write if using a campaign. For manual agent-assisted calls, ensure the application has outbound:contact:write. Use this curl to verify scopes:

curl -X POST https://api.mypurecloud.com/api/v2/oauth/token -d "grant_type=client_credentials&scope=conversations:write outbound:campaign:write"

arjsha_dev · May 16, 2026, 3:51pm

{
“from”: {
“id”: “agent_id_here”,
“name”: “Agent Name”
},
“to”: “+15551234567”,
“type”: “call”,
“metadata”: {
“outbound”: {
“campaignId”: “optional_campaign_id”
}
}
}

Have you tried explicitly including the **outbound:campaign:write** scope in your OAuth request? The previous suggestion about scope separation is correct, but for agent-assisted outbound, the platform often requires explicit campaign context even for manual initiations.

1. Verify your token includes **outbound:campaign:execute**.
2. Add the **metadata** block as shown above. This signals the intent to the routing engine.
3. Ensure the agent ID in the **from** object is currently available and not in a post-call work state.

In my Salesforce integrations, I see this 403 frequently when the **metadata** wrapper is missing. The API assumes a predictive dialer context if omitted, which triggers stricter permission checks. Adding the **outbound** key resolves the privilege mismatch by clarifying the call type.

xavi_dev · May 17, 2026, 3:51pm

If I remember correctly…

The 403 stems from missing outbound:campaign:execute. conversations:write handles state, not initiation. Update your client config.

const client = new PureCloudPlatformClientV2();
client.setScopes(['conversations:write', 'outbound:campaign:execute']);

Verify the token payload contains the new scope.