Skip to main content

    uri = URI('https://api.box.com/oauth2/token')
    token_request = Net::HTTP::Post.new(uri)
    token_requeste'Content-Type'] = 'application/x-www-form-urlencoded'
    token_request.set_form_data(
      'client_id' => BOX_CLIENT_ID,
      'client_secret' => BOX_CLIENT_SECRET,
      'grant_type' => 'client_credentials',
      'box_subject_type' => 'user',
      'box_subject_id' => BOX_CLIENT_USER_ID
    )

    response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https') do |http|
      http.request(token_request)
    end

I have the above Ruby code which has been giving an access token consistently for the past 6 months. However, yesterday it seems to be no longer providing the access token.

Instead, now I get the response:

{"error"=>"invalid_grant", "error_description"=>"Grant credentials are invalid"}

I verified that the Box Dev App is still Enabled and Authorized. I also checked that the credentials hadn't changed. Is something else going on that I'm unaware of or is there something else that I can check? I did roll the OAUTH2 credentials, but that didn’t work either.

Hi @carterandclark 👋 Welcome to our community! Thanks for bringing this up.

This is probably regarding the issues described in the Common Errors section of our documentation. You may be needing to have your application configured to generate user access tokens in the Advanced Features section of the Configuration tab.

See the related topic here about: Client Credentials Grant User ID Access_token failed.

Let us know how it goes! 🤗


Thanks for the reply,

I am not sure why this started happening as we didn’t make any changes on our account and it was working properly for nearly 6 months. However, changing the subject type to enterprise and the subject id to the enterprise id did seem to resolve the problem.

      'box_subject_type' => 'enterprise',
      'box_subject_id' => BOX_CLIENT_USER_ID


Hi @dkimura 👋 Welcome to our community! I appreciate sharing your insights that your issue was resolved by changing the subject type and its ID.

This is also documented under How to use which users can definitely check if encountered the same issue.

We’ll also work internally regarding the root cause of the issue. Thank you so much for your great contribution! 😎


Reply