API

Hi all, I was wondering whether the Events API call has the same rate limits as described here. Due to its potential huge-size in enterprise environments, i wondered if it really falls under the 100K per month for an enterprise for example. If an enterprise with a lot of users has a SIEM tool and a few more integrated tools, this can be reached easily. Also - how the rate limiting of a client-credentials authenticated app is measured? is the app considered as a “user”? Another question i had, is whether i can filter out events based on their type (for example filter out login events etc). Thanks a lot.

Hi Team, I am working on an app integration to poll and parse Enterprise Event Stream API. I found the documentation for the list of events at the following link: https://developer.box.com/guides/events/enterprise-events/for-enterprise/#event-types 👍 Just wondering if there is documentation that explains the JSON response document for each event as it seems to vary a little based on event - example: CONTENT_ACCESS/LOCK/UNLOCK/EDIT has additional_details field. Thanks Andy

Hello all, I am using the download file API with a downscoped token to allow the user to download files directly from their browser as part of an application where box is hidden from the user (https://developer.box.com/guides/downloads/in-browser/). This works fine, except that the response includes a Content-Disposition header with the value set to “attachment;filename=…”. Ideally, I would want a response with Content-Disposition set to “inline;filename=…” so that the default behavior for browsers would be to preview the file rather than downloading it. So my questions: Is there a way to force box to return an inline disposition? If not, is there another endpoint/workaround I can use to achieve this (without recreating a preview system myself)?

I am trying to post comments on files in box using rest api callouts.It is asking for auth token.I have already authorized the app in box.I am not sure how it will work.if anybody has a working example in postman etc.

Hello everyone. I created a custom app in september 2019 and I have been using it since them to automate some of my monthly tasks. It is able to upload and retrieve files data as I need, but not to list neither delete due a low regularity of usage of these functions, mainly because I’ve used to manage and delete old files using web Content Manager. Unfortunately I am not able to do it anymore. If I understood it well, now the feature is restrict to plans upper to Business Plus. I got the point to restrict users management, but wouldn’t it be bad for Custom Apps that haven’t a full self-management (CRUD) files feature? We must consider that some apps does not even have an UI, some finished and delivered apps to final users could not implement a full management, and even there is a needing to write more code and spend time to fix a issue that can’t be solved due a

Hi Team, What will be endpoint of API if subdomain enabled. Example - Default URL - https://api.box.com/2.0/events If enabled subdomain can we use API with default URL or do we need to use subdomain?

Regarding the plan mentioned in the https://www.box.com/pricing/business, we have below queries. Will the “\events” API availability change as the plan changes ? List Of Event type will change as per the Plan ? Will Enterprise events type include user events type ? What minimum paid account required to access the Enterprise event via “\events” API?

Getting below error in /users API Request - curl -i -X GET “https://api.box.com/2.0/users” \ -H “authorization: Bearer <ACCESS_TOKEN>” Response - { “type”: “error”, “status”: 403, “code”: “access_denied_insufficient_permissions”, “help_url”: “http://developers.box.com/docs/#errors”, “message”: “Access denied - insufficient permission”, “request_id”: “qcyqnkhl1oprc6uk” } What permission or paid account needed to access above API ?

Some of our users are getting flagged for going over their allotted API calls per month. We’re aware that this is part of the user’s Box’s billing plan. This is a pretty inconvenient limit. Our use case requires us to do full periodic syncs, where each sync making: ~2 API calls per folder, 1 to retrieve its children and 1 to retrieve its collaborations ~1 API call per file to retrieve its collaborations We do use webhooks to reduce how often we make these calls, but it still doesn’t guarantee control as a developer, especially if a user has thousands of files. To remediate: Are there any API calls that can pull the latest changes to folders & files, instead of us needing to do full periodic syncs? Or is there any other recommended practice so that we can reduce the # of API calls we need to make. Is there a programmatic way to access the user’s monthly limit? Does this limit apply to an individual user

I tried to create an access token using the following details { grant_type: ‘client_credentials’, client_id: “2yuh6hjmzagiw5hr8tqhxvcqkcgyiw4c”, client_secret: “my client secret”, box_subject_type: ‘user’, // box_subject_id: ‘my user id’, // }; I am getting following error even after providing the correct credentials: data: { error: ‘invalid_grant’, error_description: ‘Grant credentials are invalid’ } my app setup is : 1.server authentication (Client credential) 2. app access only please let me know how to resolve it

We are trying to access the file name using the box api. To do that we are using OAuth authentication. But we authorization is pending and we reached out to Admin contact still waiting for the reply. Can someone pls suggest best way to integrate box with our application to read the file name which is in Box. Please do the needful Thanks in Advance.

I have a question about the conditions under which the following error occurs when using the zip archive download API. developer.box.com Download zip archive - API Reference - Box Developer Documentation Explore the Box APIs and SDKs to use for app d

Hi teams, We are facing an issue with the search API of Box. For example, if I have files named ‘image-1’, ‘image-2’, and ‘image-3’ in Box, and my search term is ‘image,’ I noticed that the ordering of results is not consistent. The order of results varies each time I invoke the API. This inconsistency affects the API results, especially when we use pagination. For instance, if I query to get the first 20 results and then use the ‘offset’ value to retrieve the next page of results, I observe that there are repeated results from the previous API call. Please consider this issue and provide us with a resolution. Thank you

I’m trying to check with an API how many times a file has been accessed. Since there is no API to obtain the insight information provided on the web screen, I think that the FILE (Full) objects shared_link.download_count and shared_link.preview_count are appropriate alternatives. However, these values always remain 0 whether I preview or download the file. When are download_count and preview_count updated?

The Users & Groups section of box admin shows that I have a managed user that is using 95% of the storage of my account. I am unable to see that content in the Content section of box admin because I don’t see a Content Browser tab (in both Firefox and Microsoft Edge). I have tried deleting the user and transferring their content to me, but when I click the Continue button it shows a busy animation and never goes to the next screen. When I login to box admin later, no additional content has shown up in my account, and the user I tried to delete is still there and is still using 95% of the storage. The problematic user was originally the account admin, but has an email address from a domain that box doesn’t allow, so a couple years ago I created a new user (the user I’m logged is as now) and made it the admin. I had to file ticket #2455825 to get the account reactivated. The problematic user is now shown as Co-Admin and listed as Active

I’m using the /recent_items to identify the following: item_modify, where a user has modified a file in Box item_preview, where a user has viewed a preview of a file item_upload, where a user has uploaded a file item_comment, where a user has added a comment to a file I have created a folder & file, created a folder & uploaded a file, and added comments to the file in my box account. However, the response only lists files interacted with interaction_type = “item_preview”? I was expecting the API to return the interaction_type = “item_uploaded” when the file was uploaded; and return the interaction_type = “item_comment” when a comment was added the file? Any help is greatly appreciated. Thx

Is there a way to eliminate the grant access page if a user is already given access to the app? Or is there any other type of custom app I can use for this purpose? My requirement is just to verify that the visitor is an actual box user or not. Once the user grants we store the tokens and refreshs the token before the expiry of the refresh token. A similar way where users can log in with Google. And access grant is asked only first time.

I have a question regarding rate limiting for license-based APIs. developer.box.com Rate

I have a question regarding rate limiting for license-based APIs. developer.box.com Rate

What is the most efficient method to stop users deleting folders? It seems there is no direct permission which can be applied for this. Folder Locking available via API seems to be a possibility.

I’m utilising the Box Sign Events API to construct my workflows. The API provides capacity to monitor the sign document when it is converted to a .pdf file, using the SIGN_DOCUMENT_CONVERTED event. However, this event does not seem to trigger - I’ve tried using different sign document file formats. They all get successfully converted to a PDF for signing, but the CONVERTED event never seems to show up in the enterprise events stream (admin_logs_streaming). Similarly, I’m also not able to trigger the SIGNER_DOWNLOADED event - the documentation states that: “A SIGNER_DOWNLOADED event_type is produced when a signer downloads the signing document.”, but when I test this out, I only receive an additional SIGN_DOCUMENT_VIEWED_BY_SIGNER event (note that this isn’t th