Resources/The Agent API Atlas/Communication/Webex

Everything an AI agent can do with the Webex API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints33

API versionv1

Last updated23 June 2026

Orientation

How the Webex API works.

The Webex API is how an app or AI agent works with a Webex workspace: posting messages to a space, creating spaces and adding people to them, looking up people, and scheduling meetings. Access is granted through an access token and a set of scopes that decide what each call can read or write, and an agent is limited to the spaces and people that token reaches. Webex can also push events to a webhook URL when something happens, like a message being posted or a person joining a space.

33Endpoints

9Capability groups

15Read

18Write

15Permissions

Authentication

Every call sends an access token as 'Authorization: Bearer '. Four token types exist: an OAuth integration token that acts on a user's behalf with chosen scopes, a bot token with its own identity in a space, a personal access token for testing, and a service app token for organization-wide automation under admin authorization. An OAuth integration is the least-privilege route, because each scope is granted or withheld one at a time.

Permissions

Scopes follow a regular pattern of spark:_read and spark:_write, such as spark:messages_read, spark:messages_write, spark:rooms_write, spark:memberships_write, spark:people_read, spark:teams_write, and spark:team_memberships_write. Meeting methods use meeting:schedules_read and meeting:schedules_write, with meeting:admin_schedule_write for acting on behalf of another host. The spark:all scope grants every user-level permission at once, and the compliance events endpoint needs spark-compliance:events_read, which can return message content across the organization.

Versioning

The REST API serves a single current version, version 1, and does not mint new version numbers for changes. Dated additions, behavior changes, and deprecations ship through the developer changelog, so an integration tracks that timeline rather than pinning a version. Deprecations are announced with a date before the old behavior is removed.

Data model

The API is resource-oriented JSON over HTTPS at https://webexapis.com/v1. The core resources are messages, rooms (the spaces that hold them), memberships (a person in a space), people, teams, and team memberships, with meetings on the same base. A bot only reaches the spaces it has been added to, and in a group space only messages that mention it. Webhooks push a chosen resource and event to a URL so an integration does not have to poll.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Webex determines what it can reach. There is a route for an app that acts on behalf of a Webex user, a route for a bot with its own identity in a space, a hosted server that exposes Webex tools to agents, and an event stream, each governed by the access token behind it and the scopes that token carries.

Ways to connect

REST API

The REST API answers at https://webexapis.com/v1. It serves a single current version, version 1, and ships dated changes through a developer changelog.

Best forConnecting an app or AI agent to Webex.

Governed byThe access token and the scopes it carries.

Docs ↗

Bot account

A bot is a Webex account with its own identity that an app posts and acts as inside a space. A bot is added to spaces like a person, and in a group space it only sees messages that mention it.

Best forAn assistant that participates in a space.

Governed byThe bot's access token, which carries the full set of messaging scopes.

Docs ↗

MCP server (Model Context Protocol)

Webex publishes official Model Context Protocol servers, including a Messaging server and a Meetings server, that let an agent create, edit, and retrieve messages, manage spaces and memberships, and schedule and look up meetings. The overview is at developer.webex.com/mcp.

Best forConnecting an AI agent to Webex over the Model Context Protocol.

Governed byA Webex access token and the scopes it carries.

Docs ↗

Webhooks

Webhooks post a registered resource and event, such as a message being created or a membership deleted, to a receiver URL. A secret set on the webhook signs each delivery with an X-Spark-Signature header so the receiver can confirm it came from Webex.

Best forReceiving events without polling.

Governed byThe read scope for the chosen resource.

Docs ↗

Authentication

OAuth integration

An OAuth integration asks a Webex user to authorize a chosen set of scopes, then acts on that user's behalf with an access token that expires and refreshes. It is the least-privilege route, because each scope is granted or withheld individually.

TokenOAuth user access token

Best forActing on behalf of a Webex user with chosen scopes

Docs ↗

Bot token

A bot has its own account and a long-lived access token that carries the full messaging scope set. A bot only reaches the spaces it has been added to, and in a group space only messages that mention it.

TokenBot access token

Best forAn assistant identity inside a space

Docs ↗

Personal access token

A personal access token from the developer portal acts as the signed-in developer with full scopes. It expires after a short period and is intended for testing, not production.

TokenPersonal access token

Best forTesting and exploration

Docs ↗

Service app

A service app acts on an organization's behalf with admin-level scopes once an administrator authorizes it, using its own credentials rather than a single user's login.

TokenService app access token

Best forOrganization-wide automation under admin authorization

Docs ↗

Capability map

What an AI agent can do in Webex.

The Webex API is split into areas an agent can act on, like messages, spaces, memberships, people, teams, and meetings. Each area has its own methods and its own scopes, and some return personal data such as people's email addresses and display names.

Messages

6 endpoints

List, read, create, edit, and delete messages in a space or direct conversation, including text, rich text, and file attachments.

Writes here post or remove real messages people see.

View endpoints →

Spaces

5 endpoints

List, read, create, update, and delete spaces, the group and direct conversations that hold messages and people.

Writes here change or delete real conversations.

View endpoints →

Memberships

4 endpoints

List, read, create, update, and delete memberships, the link between a person and a space, which is how people are added to or removed from a conversation.

Writes here add or remove real people from a space.

View endpoints →

People

4 endpoints

Read the calling user's own details, look up and list people, and on an admin token create, update, and delete people in the organization.

Writes here change or remove real user accounts.

View endpoints →

Teams

2 endpoints

List, read, create, update, and delete teams, the grouping that ties related spaces together.

Writes here change or delete real teams.

View endpoints →

Team memberships

3 endpoints

List, read, create, update, and delete the memberships that place people in a team.

Writes here add or remove real people from a team.

View endpoints →

Meetings

5 endpoints

List, read, create, update, and delete scheduled meetings, and end a meeting that is running.

Writes here change or cancel real scheduled meetings.

View endpoints →

Webhooks

3 endpoints

List, read, create, update, and delete webhooks that push events to a registered URL.

Writes here change where Webex sends event notifications.

View endpoints →

Events

1 endpoint

List and read the events that have happened in an organization, such as messages created or memberships changed, on a compliance officer token.

Reads here can return the content of messages across the organization.

View endpoints →

Endpoint reference

Every Webex API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Messages List, read, create, edit, and delete messages in a space or direct conversation, including text, rich text, and file attachments.6
GET	`/messages`	List messages in a space, optionally filtered to those mentioning a person or before a date.	read	`spark:messages_read`	Current
A bot only sees messages in spaces it belongs to, and in a group space only messages that mention the bot. Acts onmessage Permission (capability)`spark:messages_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/messages/direct`	List the direct, one-to-one messages between the caller and a given person.	read	`spark:messages_read`	Current
Identifies the other person by personId or personEmail. Acts onmessage Permission (capability)`spark:messages_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/messages/{messageId}`	Get the details of a single message by its id.	read	`spark:messages_read`	Current
Returns the text, markdown, files, and the sender. Acts onmessage Permission (capability)`spark:messages_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/messages`	Post a message to a space or a person, as plain text or markdown, with up to one file attachment.	write	`spark:messages_write`	Current
Targets a roomId for a space or a toPersonId or toPersonEmail for a direct message. File previews render for attachments of 1MB or less. Acts onmessage Permission (capability)`spark:messages_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/messages/{messageId}`	Edit the text or markdown of a message the caller sent.	write	`spark:messages_write`	Current
Only a message's own author can edit it, and a file attachment cannot be changed by an edit. Acts onmessage Permission (capability)`spark:messages_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/messages/{messageId}`	Delete a message by its id.	write	`spark:messages_write`	Current
A user can delete their own messages, and a space moderator can delete anyone's. Acts onmessage Permission (capability)`spark:messages_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Spaces List, read, create, update, and delete spaces, the group and direct conversations that hold messages and people.5
GET	`/rooms`	List the spaces the caller belongs to.	read	`spark:rooms_read`	Current
Can be filtered to group spaces, direct spaces, or the spaces within a team. Acts onspace Permission (capability)`spark:rooms_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/rooms/{roomId}`	Get the details of a single space.	read	`spark:rooms_read`	Current
Returns the title, type, team, and creation time. Acts onspace Permission (capability)`spark:rooms_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/rooms`	Create a group space, optionally inside a team.	write	`spark:rooms_write`	Current
The caller becomes a member and moderator of the new space. Acts onspace Permission (capability)`spark:rooms_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/rooms/{roomId}`	Update a space, such as its title.	write	`spark:rooms_write`	Current
A direct space cannot be renamed. Acts onspace Permission (capability)`spark:rooms_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/rooms/{roomId}`	Delete a space and remove all of its members.	write	`spark:rooms_write`	Current
Deleting a space is permanent and removes its message history for everyone. Acts onspace Permission (capability)`spark:rooms_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Memberships List, read, create, update, and delete memberships, the link between a person and a space, which is how people are added to or removed from a conversation.4
GET	`/memberships`	List the memberships of a space, the people in it and their roles.	read	`spark:memberships_read`	Current
Can be filtered by roomId, or by personId or personEmail across spaces. Acts onmembership Permission (capability)`spark:memberships_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/memberships`	Add a person to a space, optionally as a moderator.	write	`spark:memberships_write`	Current
Identifies the person by personId or personEmail. Adding someone to a space gives them its message history. Acts onmembership Permission (capability)`spark:memberships_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/memberships/{membershipId}`	Update a membership, such as promoting a person to moderator or demoting them.	write	`spark:memberships_write`	Current
The isModerator field controls the role. Acts onmembership Permission (capability)`spark:memberships_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/memberships/{membershipId}`	Remove a person from a space.	write	`spark:memberships_write`	Current
The person loses access to the space and its history. Acts onmembership Permission (capability)`spark:memberships_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
People Read the calling user's own details, look up and list people, and on an admin token create, update, and delete people in the organization.4
GET	`/people/me`	Get the profile of the person the token authenticates as.	read	`spark:people_read`	Current
Returns the caller's own display name, emails, and id. Acts onperson Permission (capability)`spark:people_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/people`	List people in the organization, filtered by email, display name, or id.	read	`spark:people_read`	Current
Returns people's email addresses and display names. A search filter such as email or displayName is required. Acts onperson Permission (capability)`spark:people_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/people/{personId}`	Get the details of a single person by their id.	read	`spark:people_read`	Current
Returns the person's email addresses and display name. Acts onperson Permission (capability)`spark:people_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/people`	Create a new person in the organization.	write	`spark:people_write`	Current
Requires an administrator token. Creating people is restricted to an organization administrator. Acts onperson Permission (capability)`spark:people_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Teams List, read, create, update, and delete teams, the grouping that ties related spaces together.2
GET	`/teams`	List the teams the caller belongs to.	read	`spark:teams_read`	Current
Returns each team's name and creation time. Acts onteam Permission (capability)`spark:teams_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/teams`	Create a team and a primary space within it.	write	`spark:teams_write`	Current
The caller becomes the team's first member and moderator. Acts onteam Permission (capability)`spark:teams_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Team memberships List, read, create, update, and delete the memberships that place people in a team.3
GET	`/team/memberships`	List the people in a team.	read	`spark:team_memberships_read`	Current
Filtered by teamId. Acts onteam membership Permission (capability)`spark:team_memberships_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/team/memberships`	Add a person to a team, optionally as a moderator.	write	`spark:team_memberships_write`	Current
Adding someone to a team gives them access to its spaces. Acts onteam membership Permission (capability)`spark:team_memberships_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/team/memberships/{membershipId}`	Remove a person from a team.	write	`spark:team_memberships_write`	Current
The person loses access to the team's spaces. Acts onteam membership Permission (capability)`spark:team_memberships_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Meetings List, read, create, update, and delete scheduled meetings, and end a meeting that is running.5
GET	`/meetings`	List scheduled meetings the caller hosts or is invited to.	read	`meeting:schedules_read`	Current
An admin listing on behalf of others needs meeting:admin_schedule_read. Acts onmeeting Permission (capability)`meeting:schedules_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/meetings/{meetingId}`	Get the details of a single meeting, including its join links.	read	`meeting:schedules_read`	Current
Returns the start and end times, agenda, and host details. Acts onmeeting Permission (capability)`meeting:schedules_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/meetings`	Schedule a meeting with a title, start and end time, and invitees.	write	`meeting:schedules_write`	Current
Scheduling on behalf of another host needs meeting:admin_schedule_write. Acts onmeeting Permission (capability)`meeting:schedules_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/meetings/{meetingId}`	Update a scheduled meeting, such as its time or invitees.	write	`meeting:schedules_write`	Current
A PATCH variant updates only the supplied fields. Acts onmeeting Permission (capability)`meeting:schedules_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/meetings/{meetingId}`	Cancel a scheduled meeting.	write	`meeting:schedules_write`	Current
Cancelling a meeting can notify the invitees by email. Acts onmeeting Permission (capability)`meeting:schedules_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Webhooks List, read, create, update, and delete webhooks that push events to a registered URL.3
GET	`/webhooks`	List the webhooks the caller has created.	read	—	Current
No extra scope beyond the token that created the webhooks. Acts onwebhook Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/webhooks`	Create a webhook that posts a chosen resource and event to a target URL.	write	—	Current
Creating a webhook for a resource needs the read scope for that resource, such as spark:messages_read for the messages resource. A secret signs each delivery. Acts onwebhook Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/webhooks/{webhookId}`	Delete a webhook so it stops receiving events.	write	—	Current
Webex also disables a webhook automatically after repeated delivery failures. Acts onwebhook Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Events List and read the events that have happened in an organization, such as messages created or memberships changed, on a compliance officer token.1
GET	`/events`	List events across the organization, such as messages created or memberships changed, on a compliance officer token.	read	`spark-compliance:events_read`	Current
Restricted to a compliance officer in the organization, and can return the content of messages across all spaces. Acts onevent Permission (capability)`spark-compliance:events_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

Webex can notify an app or AI agent when something happens in a space, like a message being posted, a person joining, or a meeting starting. Webex posts the event to a webhook URL that has been registered for a chosen resource and event, so an integration learns about activity without polling.

Event	What it signals	Triggered by
`messages / created`	Fires when a message is posted to a space the webhook covers, including a direct message or a mention of a bot.	In-app only
`messages / deleted`	Fires when a message is deleted.	In-app only
`memberships / created`	Fires when a person is added to a space.	In-app only
`memberships / updated`	Fires when a membership changes, such as a person being promoted to or demoted from moderator.	In-app only
`memberships / deleted`	Fires when a person is removed from a space.	In-app only
`rooms / created`	Fires when a space is created.	In-app only
`rooms / updated`	Fires when a space is updated, such as a title change.	In-app only
`attachmentActions / created`	Fires when a person submits a card the bot posted, such as a form built with Buttons and Cards.	In-app only
`meetings / started`	Fires when a meeting starts.	In-app only
`meetings / ended`	Fires when a meeting ends.	In-app only

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

Webex limits how fast an app or AI agent can call, with a per-endpoint ceiling of roughly 300 requests per minute that the messages and people methods raise dynamically, and a bot's limits are less restrictive than an end user's.

Request rate

Webex meters requests per endpoint rather than across the whole token. Most REST methods allow roughly 300 requests per minute, while the messages and people methods carry a higher quota that Webex adjusts dynamically. A bot account has less restrictive limits than an end-user account, and because limits are shared per user, a large workload is best partitioned across separate users running concurrent tasks. Going over returns 429 Too Many Requests with a Retry-After header that gives the number of seconds to wait before calling the same endpoint again.

Pagination

List methods return up to a max number of items set by the max query parameter, and a Link response header carries the next URL when more results exist. The next link should be followed rather than built by hand, since it encodes the cursor for the following page.

Request size

Requests and responses are JSON. A message may carry one file attachment, and file previews render for attachments of 1MB or less. Each response includes a trackingId header that identifies the request in Webex's logs.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
400	`Bad Request`	The request was malformed, such as a missing required field or an invalid value. The response body holds a message and a trackingId.	Read the message, correct the named field, and resend.
401	`Unauthorized`	The access token is missing, invalid, or expired.	Send a valid Bearer token, refreshing the OAuth token if it has expired.
403	`Forbidden`	The token is valid but lacks the scope or role for the call, such as posting to a space the caller is not a member of.	Grant the missing scope, or add the identity to the space, then retry.
404	`Not Found`	The resource does not exist, or the token cannot see it. Webex returns 404 rather than 403 so it does not confirm a hidden resource exists.	Confirm the id is correct and the token has access to the resource.
429	`Too Many Requests`	A per-endpoint rate limit was exceeded. The response carries a Retry-After header with the number of seconds to wait.	Wait the number of seconds in the Retry-After header before retrying the same endpoint.
502	`Bad Gateway`	A transient upstream error inside the Webex platform.	Retry after a short delay with backoff, and use the trackingId when contacting support.

Versioning & freshness

Version history.

Webex serves a single current version of its REST API, version 1, and ships dated changes through a developer changelog rather than minting new version numbers.

Version history

What changed, and when

Latest versionv1

v1Current version

Single current version, dated changes through the changelog

The Webex REST API serves one current version, version 1, and ships changes through a dated developer changelog rather than minting new version numbers. Recent dated changes include new Query Recordings methods that replace the older List Recordings methods, meeting summary methods, and rate-limit and pagination changes that took effect on 31 October 2025.

What changed

15 January 2026: meeting summary methods added, including Get Meeting Summaries, Get Summary For Compliance Officer, and Delete Meeting Summaries
31 October 2025: rate-limit and pagination changes took effect
September 2025: caller ID firstName, lastName, and displayName fields extended to full Unicode and made optional in Webex Calling methods
New Query Recordings methods introduced to replace the older List Recordings methods, which are being deprecated
The /meetingInfo endpoint deprecated

Earlier

Earlier changelog activity

Before these entries, the Webex REST API shipped a continuous stream of dated additions and deprecations through the changelog, such as the /events API gaining direct and breakout session messages, while keeping the version-1 surface stable for existing integrations.

What changed

The /events API extended so meetingMessages surface direct and breakout session messages
Ongoing additions to messaging, meetings, and admin methods without a version bump

An integration tracks the changelog for new methods, scope changes, and deprecations.

Webex API changelog ↗

Questions

Webex API, answered.

What's the difference between a bot token and an OAuth integration?+

A bot is a Webex account with its own identity that posts and acts as itself inside a space, and its token carries the full messaging scope set, but it only reaches spaces it has been added to and, in a group space, only messages that mention it. An OAuth integration acts on behalf of a real user with exactly the scopes that user authorized, so it can be limited to read-only or to specific resources. A bot suits an assistant that lives in a space; an OAuth integration suits least-privilege access on a user's behalf.

What are the rate limits?+

Webex meters requests per endpoint rather than across the whole token. Most REST methods allow around 300 requests per minute, while the messages and people methods get a higher quota that Webex adjusts dynamically. Going over returns 429 Too Many Requests with a Retry-After header giving the seconds to wait before calling that endpoint again. A bot account has less restrictive limits than an end user, and because limits are per user, a heavy workload is best split across separate users.

How do I receive events instead of polling?+

Webhooks deliver events without polling. A webhook registers a resource and an event, such as messages and created, or memberships and deleted, plus a target URL. When a matching event fires, Webex posts a JSON payload to that URL. Setting a secret on the webhook makes Webex sign each delivery with an X-Spark-Signature header, an HMAC-SHA1 of the body, so the receiver can confirm the payload came from Webex and was not altered.

Why does a bot not see every message in a space?+

In a group space, a bot only receives the messages that directly mention it, by design, so it is not exposed to the whole conversation. In a one-to-one space, the bot sees every message in that direct conversation. Reading a message still needs the spark:messages_read scope, and the bot must be a member of the space.

Does Webex version its API?+

Webex serves a single current version, version 1, and does not issue new version numbers for changes. New methods, behavior changes, and deprecations are published in the developer changelog with dates, so an integration follows that timeline rather than pinning a version. When something is deprecated, Webex announces a date before the old behavior is removed.

Is there an official Webex MCP server?+

Yes. Webex publishes official Model Context Protocol servers, including a Messaging server and a Meetings server, that let an AI agent create, edit, delete, and retrieve messages, manage spaces and memberships, and schedule and look up meetings. They use a Webex access token and the scopes it carries, so the same permission model applies as the REST API.

What is Bollard AI?

Control what every AI agent can do in Webex.

Bollard AI sits between a team's AI agents and Webex. Grant each agent exactly the access it needs, read or write, resource by resource, and every call is checked and logged.

Set read, write, or full access per agent, never a shared Webex token.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control Webex access in Bollard Browse all APIs →

Webex

Comms Agent

Post messages to a space ActionOffReadFull use

Read spaces & memberships ResourceOffReadFull use

Schedule meetings ActionOffReadFull use

Delete messages & remove people ActionOffReadFull use

Per-agent access, set in Bollard AI, not in Webex

How the Webex API works.

Connection & authentication methods.

REST API

Bot account

MCP server (Model Context Protocol)

Webhooks

OAuth integration

Bot token

Personal access token

Service app

What an AI agent can do in Webex.

Messages

Spaces

Memberships

People

Teams

Team memberships

Meetings

Webhooks

Events

Every Webex API method.

Messages

Spaces

Memberships

People

Teams

Team memberships

Meetings

Webhooks

Events

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

Webex API, answered.

More communication API guides for agents

Gmail

Discord

Bird

Google Chat

Slack

Dialpad

Control what every AI agent can do in Webex.