API

Hi team! We submitted the app for approval around 2 weeks back but haven’t received any reply till now about our approval status. App details: Name: Cobalt Email: integrations@gocobalt.io User ID: 30678966382 Can you please expedite this as it’s an urgent requirement? Looking forward to a positive response.

We are actively builidng a Box Integration. Developed a custom-application to use Authentication as OAuth2.0. We have added multiple web-integrations and everything works as expected. When Any action is triggered from Box-Cloud using a Web-Integration – We use the authCode to generate the access-token with NodeSdk. – We perform the required task and Workflow is Completed without any issues. We are storing {access_token, refresh_token, ttl} in our backend database… The Problem is when we Try to refresh the Token: The Refresh Token is used for the first time. The Refresh Token is not expired (I tested within few minutes, after getting the refresh-token). I tried using the Authentication flo: Contructing AuthenticationUrl, Allow Access from BOX, Exchange Code for Token

Copy pasting this from another question that was never answered: When I attempt to perform a preflight check with a file with the same name in the same folder and run into a naming collision, I have code that accounts for the conflict error Box API Exception with code: “item_name_in_use”. I expect the JSON object to have an array of conflicts inside context_info as per the documentation https://developer.box.com/reference/resources/conflict-error/ However, sometimes conflicts is an object instead of an array, breaking my deserialization process. Example: When calling boxFolder.canUpload(filename, fileSize), I receive this error: { "type": "error", "status": 409, "code": "item_name_in_use", "context_info": { "conflicts": { "type": "file", "id": "1545199568548", "file_version": {

After a lot of simultaneous user delete and group_membership delete operations, some group_memberships are stuck. In admin console, it shows that there are users in the group, but not showing them inside, also users are already deleted. If checking via API, they are shown in group/GROUP_ID/memberships endpoint, but attempting to delete them via DELETE on /group_memberships endpoint causes this error: { “type”: “error”, “status”: 404, “code”: “not_found”, “context_info”: { “errors”: [ { “reason”: “invalid_parameter”, “name”: “group_tag_user”, “message”: “Invalid value ‘group_tag_user_36356814675’. ‘group_tag_user’ with value ‘group_tag_user_36356814675’ not found” } ] }, “help_url”: “http://developers.box.com/docs/#errors”, “message”: “Not Found”, “request_id”: “fdm4k5hpziqx9of5” }

For all intents and purposes, I’m using cURL commands to operate my application. Project: I have a large number of folders (1000+) in the root of my application. Each folder has a standard structure of sub-folders, and within each sub folder there can be a large number of individual files (1000+). Need: I have a database with associated records. Each record is given an identifier (UUID). I created a metdata template with one field called UUID. Goal is to add a metadata instance to related files and folders with associated UUID. When you pull up the record in the database, application will search all metadata for UUID, and return appropriate files. Problem: I have successfully done so with files. Added metadata instance, search for UUID, and found list of files (99% of the time it returns just one). I have NOT been able to do so with folders. I need to be able to search for a metadata instance on a “folder” and retrieve i

I am a bit confused about the application type and authentication method best suited for my use case. I want to build an application, which should be published into the box app centre. The application should add context menu items to the existing box cloud Users with the box cloud account are the expected users. They will select a file or folder and click the context menu option. Context menu item click - should invoke our API., with information about the selected file or folder. The application should have permission to download and upload files. The main concern is that I want a long-lived token. I don’t want to re-authenticate for every call of a user a short-lived token. If multiple Organizations installed the application, How do we differentiate the organization? Thanks, Sarin

I think the user will be directed to the URL below when authorizing the user using OAuth 2.0. https://account.box.com/api/oauth2/authorize?response_type=code&redirect_uri=xxxx&state=xxxx&client_id=xxxx When redirecting the user to the above URL, a problem occurs where a screen like the one below is displayed. https://account.box.com/login/mfa?redirectUrl=/api/oauth2/authorize?response_type=code&redirect_uri=xxxx&client_id=xxxx

Hello, I am currently experiencing an issue with two-factor authentication on BOX. When I attempt to access the authentication page, I am presented with a CORS (Cross-Origin Resource Sharing) error, which prevents me from completing the authentication process. Here is the error message I am seeing: Access to XMLHttpRequest at ‘h ttps://app.box.com/gen204? category=boomerang&event_type=beacon&&keys_and_values[current_rm]= box_oauth2_server_authorize&keys_and_values[datacenterTag]= us-west4-prod&keys_and_values[is_old]=1&keys_and_values[uri]= https%3A%2F%2Fapp.box.net%2Fapi%2Foauth2%2Fauthorize%3F … {snip} … &runmode_options[add_geo]=1’) from origin ‘h ttps://app.box.net’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the req

I wanted to connect Box and DataSpider (currently mitocoX), so I created a custom app from the development console, downloaded a JSON file, and tried to set it in DataSpider. However, I get an error and can’t connect. If you are an expert, please tell me if I should use a file other than a JSON file, and if so, where can I download a file other than a JSON file? I’m a newcomer, so there are a lot of things I don’t understand, but , thank you.

Hello Box Community, I am currently using Box Drive and monitoring file events with its Webhooks. I’m curious to know if it’s possible to retrieve the version history of files using Box Drive Webhooks. Specifically, I’d like to retrieve the version history related to changes made to a file, and I’m particularly interested in detecting if a file version has been reverted. If anyone in the Box community knows how to retrieve file version history using Box Drive Webhooks, I would greatly appreciate any insights you can provide. Thank you very much.

Hello Getting exception “Request timed out” since Friday 4/12 through today on downloads using Box C# client var stream = await client.FilesManager.DownloadAsync(BoxID); On Saturday could not download any files Now it seems after program start, 1 or 2 downloads in a row work fine and then it hits a wall, restarting program over and over is the short term fix. Integration has been in place since 2020 Program has not changed lately Can access Box.com UI fine and download files too. Thank You!

Hi Team, We are trying to set the unshared_at value to update the publicly shared folder to be accessible for 10 minutes only, with this endpoint, https://developer.box.com/reference/put-folders-id/#param-shared_link-unshared_at We do have a paid account However we are getting the below response : { "reason": "invalid_parameter", "name": "unshared_at", "message": "Invalid value '1712055223'." } Could anyone help with this error

In implementing a flow within the OAuth authentication process that always prompts users to select an account, is my understanding correct that there are currently no parameters available for this purpose? developer.box.com Authorize user - API Reference - Box Developer Documentation Explore the Box APIs and SDKs to use for app development, API documentation, developer supp

Using the API, is there any way to get download/preview counts when you create a shared link for a folder? I can see counts on the files in the folder through the web interface, but files returned by the api don’t have shared link data which is where the counts would show if the individual files had a shared link. The shared link data related to the folder returned by the api exists, but the download/preview counts are always 0. I wasn’t really expecting them to be anything else, but those are the only counts I can find that have any value at all. I suppose I can create a shared link of each individual file in addition to the folder, but I was hoping to avoid that. Thanks!

I was trying to create the webhook but i encounter this error while creating it Anyone know what was the reason of it?

I’ve created a Box free account and trying to access the box APIs using Postman. I have used Auth 2.0 flow and successfully authenticated to generate an access token. While I’m able to perform GET API callouts, I’m encountering issues with POST callouts for actions such as creating files or folders. These attempts result in a 403-error status code. Could someone please suggest a solution for accessing Box APIs with a free account? Do I need to purchase a plan or are there any prerequisites or configurations that I might be missing?

I am using trial version of Enterprise Box and I have created Box Custom application (authorized by Box admin). Then I generated a private key PK for that Box application and I use this PK to connect to Box App from AWS Kendra. I use Kendra Developer Edition in this test. This method used to work, however today I received the below connection error after providing new PK to Kendra. PK is passed to Kendra using Secrets Manager. Error connecting to customer repository: Error parsing PKCS private key for Box Developer Edition. I made sure the PK is copied properly to Kendra. I also tested connectivity using the same PK and Box SDK and I can connect successfully to Box App programmatically using Python, however the connection from AWS Console fails. What can cause this error? This is private key format generated from BOX Application. It contains “\n” character as text. I normally copy “privateKey” into secret in Secrets Manager Kendra

We are planning shared folders (app folders) for about 50 applications. The folder structure could be as simple as AppA/FolderX and AppB/FolderX. Users can be authorized for several apps. Let’s say we want to authorize a user to edit files in each FolderX. We can share both folders and users see “FolderX” twice in their box. I guess via API it would be possible, to address both folders individually, but we want to make the apps available via box web interface, too. What we really want is to show users the full AppA and AppB folder structure in the web interface without any files that are stored in other folders than FolderX. What we can do is to additionally authorize users to view AppA and AppB. The full directory structure is then visible in the user interface so he users can see if the displayed FolderX belong to AppA and AppB. But users will also be allowed to view files outside FolderX. If we could share AppA with the privilege to “only view folders”, then

I’m following these instructions and I am struggling to decrypt the private key in ColdFusion/Lucee. Here’s how it’s done in PHP: $private_key = $config->boxAppSettings->appAuth->privateKey; $passphrase = $config->boxAppSettings->appAuth->passphrase; $key = openssl_pkey_get_private($private_key, $passphrase); Has anyone managed to get it working?

Hello team, I’m currently engaged with the Box Platform and Box Webhook. I have a question regarding the folder creation event – does it trigger when all files within the folder are uploaded, or does it happen immediately upon creating the folder? Furthermore, is it possible for me to promptly make an API call to retrieve the list of files in the folder and download them right after receiving the folder created event? Thanks,

can anyone help me by getting an esign request Id using the folder Id? I did try requesting extra fields on listing out the esign requests but no luck. Thank you

I’m calling the Box API directly from JavaScript to upload a new file. As the docs suggest, I run a preflight check first, and that check succeeds (200). The code for the preflight check looks like this: const preflightResponse = await fetch(url, { method: "OPTIONS", headers: { Authorization: `Bearer ${this.#token}`, "Content-Type": "application/json", }, body: JSON.stringify({ name, parent: { id: parentId, }, }), }); After that step succeeds, I move on to the next step of uploading the actual file. For this text, I’m just sending the text “Hello, world!” to a file named hello.txt. The parentId is the folder to upload to, and it exists (otherwise the preflight check would fail). The code to upload the file looks like this: const form = new FormData(); form.append("attributes", JSON.stringify({ name, parent: { id: parentId, }, })); form.append("file", n

Hi. I’m trying to find the best way to give a consumer using my mobile app a set of files created by my app when they click a button. Most of my users will not have a desktop computer or a printer. They will need to either (a) forward the documents to a FedEx email for printing or (b) upload the files to an online e-filing system. I don’t want the user to create a Box.com account, because that would be confusing to consumers using a mobile app. The simplest thing would be to email the attachments to the user, but I’ve gathered Box.com can only email share links that cannot be easily forwarded to FedEx for printing or uploaded to an online e-filing system from a mobile device. Any suggestions on the best way to go about this? Need a secure way to make it easy for a user to email the docs to a FedEx printing email or upload them to an online portal, from thei

It use to be easy but i do not see an option anymore on how too see how many folders I have.