Trying to kick off a cobrowse session via POST /api/v2/conversations/cobrowse/sessions from our custom widget. The payload includes the target conversation ID and agent ID but I keep hitting a 403 Forbidden error. Permissions look correct in the app settings. Is there a specific scope missing for this endpoint?
Checked the docs again. The 403 usually means the token lacks the specific cobrowse:session:write scope. Standard conversation:read isn’t enough. You need to ensure your OAuth client has this scope assigned in the admin portal under Security > OAuth Clients.
Here is how you verify and set it up using the PureCloud SDK:
const client = new PureCloudPlatformClientV2();
await client.loginOAuthClientCredentials("your_client_id", "your_client_secret");
// Check current scopes
const app = await client.OAuthApi.getOAuthClient("your_client_id");
console.log(app.scopes);
// You must add 'cobrowse:session:write' to the scopes list in the UI or via API
// Then regenerate the token.
Also check if the agent ID in your payload has the cobrowse:session:write permission in their role. If the token is fine but the user isn’t, you still get a 403. Sometimes the error message is misleading about which part failed. Try swapping in a super admin token to isolate if it’s app permission or user permission.