API

I’m using the /recent_items to identify the following: item_modify, where a user has modified a file in Box item_preview, where a user has viewed a preview of a file item_upload, where a user has uploaded a file item_comment, where a user has added a comment to a file I have created a folder & file, created a folder & uploaded a file, and added comments to the file in my box account. However, the response only lists files interacted with interaction_type = “item_preview”? I was expecting the API to return the interaction_type = “item_uploaded” when the file was uploaded; and return the interaction_type = “item_comment” when a comment was added the file? Any help is greatly appreciated. Thx

Is there a way to eliminate the grant access page if a user is already given access to the app? Or is there any other type of custom app I can use for this purpose? My requirement is just to verify that the visitor is an actual box user or not. Once the user grants we store the tokens and refreshs the token before the expiry of the refresh token. A similar way where users can log in with Google. And access grant is asked only first time.

I have a question regarding rate limiting for license-based APIs. developer.box.com Rate

I have a question regarding rate limiting for license-based APIs. developer.box.com Rate

What is the most efficient method to stop users deleting folders? It seems there is no direct permission which can be applied for this. Folder Locking available via API seems to be a possibility.

I’m utilising the Box Sign Events API to construct my workflows. The API provides capacity to monitor the sign document when it is converted to a .pdf file, using the SIGN_DOCUMENT_CONVERTED event. However, this event does not seem to trigger - I’ve tried using different sign document file formats. They all get successfully converted to a PDF for signing, but the CONVERTED event never seems to show up in the enterprise events stream (admin_logs_streaming). Similarly, I’m also not able to trigger the SIGNER_DOWNLOADED event - the documentation states that: “A SIGNER_DOWNLOADED event_type is produced when a signer downloads the signing document.”, but when I test this out, I only receive an additional SIGN_DOCUMENT_VIEWED_BY_SIGNER event (note that this isn’t th

Hi, I’m trying to figure out why our app integration no longer opens successfully, it shows “403 forbidden” when opening the app via Box (in a new tab). From our logs it looks like it stopped working August 22th (the oath endpoint haven’t been called since then). Have something changed in how Box calls the authentication endpoint? Its this network call https://app.box.com/index.php?rm=box_openbox_post_form&url=[...] that returns a 403. See screenshot:

Hi, I’m part of an IT company and one of our clients has been using Box since before we started managing them. We’ve been trying to handle an issue with the permissions and so far, we haven’t been able to find a good solution. Box support was not helpful, and I spent some time learning the CLI, but I’m still struggling to figure anything out. Anyways, here is the problem: The file structure that they have set up does not work with the way Box handles permissions. The situation is they have a folder titled “Human Resources”. In this folder there is an “Employees” folder and each employee of the company has their own subfolder. Within each employee’s folder, there are two subfolders. One of these subfolders is called “Confidential” and should only be accessed by HR. The other subfolder is “Personnel” and should be accessed by HR and Accounting. Since Box forces their waterfall/inheritance permissions model, we are not able to make this work. If we give read access for Ac

What is the best way to use the Box API to get all shared links created by a specific user?

Hello. I would like to update the tracking code in PowerShell, but when I run the following code, I get a 400 error. $token = "<access token>" $uri = 'https://api.box.com/2.0/users/<user id>' $headers = @{"Authorization" = "Bearer " + $token} $body = [System.Text.Encoding]::UTF8.GetBytes("tracking_codes": [ { "type": "tracking_code", "name":"<tracking code name>",value":"<tracking code value> "}]) Invoke-RestMethod -Method Put -Uri $uri -Headers $headers -Body $body -ContentType 'application/json' ▼Error content + Invoke-RestMethod -Method Put -Uri $uri -Headers $headers -Body $body ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMe

Our Use Case: We are a SaaS vendor with security concious enterprise customers. We recommend that our customers connect their cloud storage provider (e.g., Google Drive) so that we can import configuration files and export report files. We would like to add Box to our list of supported cloud storage providers. We would be implementing a Box custom app. Our current recommendation to our customers for other cloud storage providers: Create a cloud storage user account specifically for our app, with access only to folders intended for import/export. From within our application, the organization admin enables the integration to their cloud storage provider (we have a plugin/app concept). On integration enablement, we start an OAuth2 flow; the customer enters the user described above, and we obtain the temporary code (i.e., ?code=… on the redirect). We immediately send the temporary code to our server. The server exchanges the

Hi! We have gotten a report of an “access_denied_insufficient_permissions” error when our connector is trying to fetch users via the “https://api.box.com/2.0/users” endpoint. The authentication works as expected. These are the permissions setup in the app: Manage users Manage enterprise properties They are reporting that they are using Box for education. As far as I can tell Box for education is either Enterprise or Enterprise Plus at a discounted price, and not a separate product. Or are there any API limitations for education plan customers and this is expected behavior?

I see that box allows me to upload a folder containing multiple files. Is there any way to do that all the files in the folder have been uploaded, I am looking at webhook but could not utilize this event because FOLDER.CREATED is issued before all the files have been uploaded.

Hello! I am trying to use the API to add a security classification to a folder and then create a metadata cascade policy so that the classification cascades to anything added to that folder. I can add the classification successfully through the API, but I cannot create the metadata cascade policy. In Postman, my request body to create the metadata cascade policy looks like this: { "folder_id": "12345678901", "scope": "enterprise_XXXXXX", "templateKey": "securityClassification-6VMVochwUWo" } But this returns a 404 error. Is there something wrong with my request? Or am I missing a step somewhere else? I’m able to do this successfully through the Box CLI, but not by making API calls through my integration app (which uses OAuth 2.0 w/ Client Credentials Grant (Server Authentication)).

I created personal Box account and am attempting to request a token using the client ID and secret. I am getting the following error. {“error”:“invalid_grant”,“error_description”:“Grant credentials are invalid”} Here are my application settings and requests: App access level : App + Enterprise access Authentication method: Server Authentication (Client Credentials Grant) curl -X POST https://api.box.com/oauth2/token -d “grant_type=client_credentials” -d “client_id=redacted” -d “client_secret=redacted” -d “box_subject_type=user” -d “box_subject_id=redacted” I am providing the user_id of my Box account as the box_subject_id.

I am trying to call the Box api with c# and search for documents and get their metadata. I am able to see the metadata when I pass “metadata.enterprise.{metadata_template_key}” in a string array into the fields for the Search Manager. How am I able to extract that data? I do not see a way to get it from the BoxItem type. I know I can make a second call to get the metadata directly but I would have to make this call on all the documents the search api returned. I would like to prevent making so many calls if possible.

Hi, While fetching files from user of my organization. I am unable to fetch shared documents which is shared by user which is not in my organization. So, is it expected behavior. Also, in total count it displayed count with shared files but in entries it did not return the shared files.

I regularly access files over FTP. This has not been a problem until recently. But at the moment, although FTP login is still successful, I receive a “Error on input file” error when attempting to get any file. Please help me resolve this.

Hey, I’m new to using box and I’m trying to explore the SDK/APIs. I want to generate a pre signed url (like in S3) to allow the user to upload files directly through my UI without having them interact with box. Also, is there a way to test the paid features like get a direct download link using my free dev account?

Hi all, I’m using the boxsdk python lib to search for files, and then retrieve the file’s content as a string. Something like: search_results = box.search().query(<my_params>) for file in search_results: content = file.content() Problem is after this point, the Download API returns binary data that I can’t seem to decode, I’ve tried different encoding formats using python’s in-built decode, utf-8, ascii, iso, etc. Is there some way of properly decoding the binary data into string text? Of course, I’m aware this won’t work for most file types, but would at least like to get .doc, .docx, .txt files as a starting point. I also don’t need to store the content into a file locally, just need to output the file contents. Thank you!

I have created application with Client Credentials Grant and when i am trying to use it with box_subject_type=user. i am getting “Grant credentials are invalid” error. I have checked client ID and client secret and user ID. Also I have checked App Access Only as i am trying with user subject type Note: I am using newly created free account without any subscription or trial

The get sign templates listing API call is returning a 500 Internal Server Error for me. This seems to be irrespective of whether making the call as a particular user or standalone. API: https://developer.box.com/reference/get-sign-templates/ Call fails whether through code or just curl, e.g. curl -L -X GET “https://api.box.com/2.0/sign_templates” -H “Authorization: Bearer <ACCESS_TOKEN>” Response is HTTP Code 500 “Internal Server Error” Anyone else see this when making a call to that API endpoint?

I’m trying to authenticate with OAuth 2.0 and I keep getting 401 unauthorized errors. I know for sure that I’m using my correct Client ID and Client Secret, so I’m not sure what’s going wrong.

While checking pricing page in Box I saw we have 50000 API calls per month for Business Plan and for Enterprise we have 100,000 API calls per month. So, can anyone explain me how it’s work and where I can check how many requests are pending.

I have a folder ID and I have a leaf name. What I want is the full file details. At the moment I list the folder and look for the leaf name. This works but for large folders is very slow and requires lots of API calls. Is there an API which takes as input a folder ID and a leaf name and returns a file info just for that file? The best I’ve seen is get-search but that has several problems - it does a recursive search when given folder IDs which I don’t want, and I want an exact match for the file name, not a fuzzy one (its still fuzzy if you use “double quotes”). Any ideas? BTW this is for rclone!