I am building an HTML widget, through which one could reply to messages and comments.
The calls would be to /api/core/v3/messages/ or /api/core/v3/comments/
The comments work fine, but the messages throw a 403 - Forbidden error. No authorization header is sent, but it works on all calls except the messages. Also, the user is anyway shown (through GET calls) only those content he has access to.
If I test the same on a REST client (I use Postman chrome app) with the same post data, all is fine (though I use Basic Authorization header when using the client)
Is there anything which makes messages different from comments? Thanks!