Skip to main content
Solved

Co-Admin can view another Co-Admin's content in Content Manager but As-User API returns 403

  • June 10, 2026
  • 1 reply
  • 182 views

We have a Box Co-Admin account with the following permissions enabled:

  • Manage Users

  • Manage Groups

  • View Users' Content

  • Edit Users' Content

  • Log into Users' Account

The Co-Admin can successfully impersonate regular managed users using the As-User API.

The same Co-Admin can also view another Co-Admin's files and folders through the Content Manager functionality in the Box Admin Console.

However, when attempting to access the other Co-Admin's content using the As-User header, the API returns HTTP 403 Forbidden.

Questions:

  1. Is Co-Admin to Co-Admin impersonation supported through the As-User API?

  2. Is the 403 response expected behavior?

  3. If Content Manager can view another Co-Admin's content, is there a public API equivalent to Content Manager?

  4. Is there a supported way to programmatically access another Co-Admin's content for migration purposes?

Any documentation references would be appreciated.

Best answer by John Koepp

@migrator qa - In general with Box API access using as-user you can only impersonate regular managed users.  Not other adnins or co-admins.  If you can describe what you are trying to accomplish perhaps I can identify an other way to achieve the goal.

1 reply

  • Box Employee
  • Answer
  • June 15, 2026

@migrator qa - In general with Box API access using as-user you can only impersonate regular managed users.  Not other adnins or co-admins.  If you can describe what you are trying to accomplish perhaps I can identify an other way to achieve the goal.