Trying to close web messaging sessions programmatically from our backend to clean up OTel traces. Calling POST /api/v2/webmessaging/sessions/{sessionId}/close with a service account token. Getting a 403 Forbidden.
The account has webmessaging:session:write scope. Works fine for creating sessions. The session ID is valid and active.
Is there a specific permission needed for closing? Or is this endpoint restricted to the guest token only?
webmessaging:session:write isn’t enough. You need webmessaging:session:admin.
The close endpoint requires administrative rights over the session lifecycle. Service accounts usually miss this unless explicitly granted.
Check the client scopes in your OAuth client config. Add webmessaging:session:admin and regenerate the token.
curl -X POST "https://api.mypurecloud.com/api/v2/webmessaging/sessions/{sessionId}/close" \
-H "Authorization: Bearer <new_token_with_admin_scope>" \
-H "Content-Type: application/json"
If that still 403s, verify the service account user role has the “Web Messaging Administrator” feature enabled. Sometimes the scope is there but the user profile blocks the action.