Encountering a persistent 403 Forbidden error on the /v2/webchat/sessions/create endpoint while attempting to replace our legacy Zendesk chat widget with the new Genesys Cloud Webchat widget. The migration guide suggests that mapping Zendesk user attributes to Genesys Cloud conversation metadata should be seamless, but the client-side SDK (v2.4.1) consistently fails authentication. The error payload returns {"code": "FORBIDDEN", "message": "Invalid API key or insufficient permissions for webchat create"}. We have verified that the API key has the webchat:create and conversation:write scopes enabled in the Admin Console, yet the token exchange fails immediately upon widget initialization.

Comparing this to Zendesk’s setup, where the zE.chat.load() function handled authentication automatically via the embed code, this manual key management feels fragile. We are running the test in a staging environment (EU-West-1) and have cleared all browser caches and cookies to rule out session conflicts. The browser console shows the request headers include the correct Authorization: Bearer <token> and X-Genesys-Api-Key, but the server rejects it.

Is there a specific IAM role requirement for the service account that the Zendesk migration docs overlooked? We are trying to replicate the seamless user handoff we had in Zendesk, where the chat history was preserved, but right now we can’t even establish the initial connection. The Architect flow for post-chat routing is already configured, but it’s moot if the session doesn’t start. Any insights into why the webchat API is rejecting valid keys would be appreciated, as this is blocking our final UAT phase.