However, when I try to do a simple curl POST command to lock a folder, I always receive a 404 “not_found” regardless of the folder I pass to it. The GET command works fine and obviously returns an empty array since I haven’t successfully locked a folder yet, but I know the endpoint and my access token works fine.
Are there other exceptions to this feature that aren’t documented? I have ensured I am the sole owner of the folder (no co-owners), but it has been shared with others a Editors.
For added detail, I am using the Oauth 2.0 method for access.
Any help/guidance on locking folders via the API would be much appreciated!
Page 1 / 1
Hi @aaron. Do you get the full error message in response to your curl call?
I’ve ensured that via Oauth 2.0, I am authenticated with the same user ID that owns the folder by using the /users/me and the /folders/{folder_id} endpoints as well. I’m not sure if it’s odd or not that I can successfully get folder lock info via GET and the URL query ?folder_id= but not POST with the JSON body.
Interesting. I tried this on my test system with postman and it worked ok:
POST {{baseUrl}}/folder_locks
Body
{
"folder": {
"type": "folder",
"id": "{{folder_id}}"
},
"locked_operations": {
"move": true,
"delete": true
}
}
Response:
{
"folder": {
"type": "folder",
"id": "163944286342",
"sequence_id": "0",
"etag": "0",
"name": "test folder"
},
"id": "2805613200",
"type": "folder_lock",
"created_by": {
"id": "19498290761",
"type": "user"
},
"created_at": "2023-06-23T17:48:16Z",
"lock_type": "freeze",
"locked_operations": {
"move": true,
"delete": true
}
}
Can you share the curl command you are using (minus any sensitive data, of course)
Sure thing, I’m just running the curl from my terminal after copy/pasting the access token from my app.
curl -i -X POST "https://api.box.com/2.0/folder_locks" \
-H "Authorization: Bearer <ACCESS_TOKEN>" \
-H "Content-Type: application/json" \
-d '{
"folder": {
"type": "folder",
"id": "{{folder_id}}"
},
"locked_operations": {
"move": true,
"delete": true
}
}'
Pretty much exactly what the example docs show.
hmm… that worked for me, as well. And you are using curl to get a bearer token with OAuth 2 and then using that token for <ACCESS_TOKEN> above?
Correct. I’m also on an enterprise box account. I’m not sure if that would effect it? I don’t have admin access but I didn’t see anything about needing it for folder locking, just folder ownership.
The access token has worked for pretty much every other API endpoint I’ve tried, except this one.
Update: I tried using the developer token instead, and the folder successfully locked. So it does seem like an issue with my Oauth access token.
hmmm, maybe a missing scope. What do the scopes look like in your app in the developer console?
It was indeed missing a scope!
I had added write access earlier but didn’t re-sign in to authenticate. I was still using the same access token(s) from refreshing the token.
I deleted the access token and refresh token from my application and signed in again and the locking now works!
Thank you for your quick responses and assistance!
