Struggling to understand why the /api/v2/wfm/scheduling/schedules/{scheduleId}/export endpoint returns a 403 Forbidden error when called by a service account that has full wfm:scheduling:read permissions. The account works perfectly for fetching schedule details via the standard GET endpoint, but the export function fails immediately. This is blocking our automated compliance audit process that runs every Tuesday morning in Chicago time. We need this data pulled into our external SIEM for retention policy verification, but the current scope seems too restrictive for bulk data retrieval.
The error response body is minimal, just {"code":"forbidden_error","message":"Access denied"}. I have verified the OAuth token is valid and the user is part of the correct WFM Admin group. Is there a separate permission scope required for the export action, or does the export endpoint enforce stricter data loss prevention rules that bypass standard RBAC checks? We are using the Python SDK v2.14.0 to make the call. Any insight into the specific permission matrix for this endpoint would be incredibly helpful so we can adjust our service account configuration accordingly.