API

Hello,I am trying to automate some workflows for our NGO with the help of the APIs of box. Right now I am testing the endpoints in bruno. Many endpoints are working fine with the developer token. However I can’t get the Box sign APIs to work. "The request requires higher privileges than provided by the access token."We are on the “nonprofit Starter” box plan with 25k API calls per month.I have submitted and approved the app to our workspace. I have enabled all scopes within the app that I see (however I see none specific to box sign): Box sign is enabled for our organization and working fine manually: Are box sign APIs only available for higher tier subscr

In box developer I have setup a platform app to connect and sync some data from an Ubuntu server using rclone.I have done all steps correctly but upon connecting i get error 403 forbidden, though the access token is valid.Probably, while doing some tests for the script, seems like box banned the server ip.I tried reproducing from other machine using the same platform app, and everything works.How can box.com remove IP from blacklist?I am not using paid account yet, I am on the free tier, but I am not willing to proceed to premium if such block encounters.

Hi everyone!  I am using Box CLI through my command line. I managed to bulk-create 400+ folders and generate individual shared links. So far it was working great. Since I need the shared links to be open to the public, I used the shared-links:update command to open them up in bulk, but for each entry on the .csv it shows the following message: Unexpected API Response [404 Not Found | aei9xvi30io52itj.039fa4e7915631e5159561a174d9cf7f5] not_found - Not Found I know it’s not an authorization/access issue because if I do the command manually (i.e., not through bulk-file-path), it goes through for the individual folder. I can't do it manually for the 400+ folders, so I would appreciate any guidance on how to bypass this issue which is not very specific to troubleshoot. Thank you in advance!

Hi All. I am working on downloading some files and folders from box. I have two apps, one created back in 2022 and one created last week. The two apps have identical setup (apart from the old one having the “App Details” option set to “Select an option”),When attempting to download the files with the old one all is good and the files are downloaded. However when I use the new one I receive the following response for downloading the files: “access_denied_insufficient_permissions”.It is very odd as they use the same code to generate the auth token and url (files/{fileId}/content). As mentioned the permissions are the same:Authentication method: OAuth 2.0 with JSON Web Tokens(Server Authentication); App Access Level: App + Enterprise Access; Application scopes: All selected; Advanced features: All selected;Both apps are authorized.I even added a check with url: “/files/{field.id}?fields=permissions,c

Hi Box Support / Community,I’m working on a Box integration where I need to programmatically retrieve only all files and folders that were modified within a given date range — for example, from 2025-06-22 to 2025-06-28.What I’ve Tried: 1. Search API with updated_at_rangeI referred to the SDK documentation here:📖 Box Python SDK Search Query DocumentationExample:search_results = client.search().query( query='S',ancestor_folder_ids=[folder_id],updated_at_range=('2025-06-22T00:00:00Z', '2025-06-28T23:59:59Z'))Issue:This still returns records whose modif

(en)Hi, I'm a Box user in Japan and I'm researching integrations with the Box AI API for Hubs.What kind of error response will be returned when the maximum number of calls per user account in the Box AI API is reached?--(ja)こんにちは、日本のBoxユーザです。Box AI API for Hubsとの統合機能の調査をしています。Box AI APIのユーザアカウント毎のコール数の上限に到達した場合、どのようなエラーレスポンスが返却されますか？ 

Hi community,I'm looking for the base URL to access the List user and enterprise events API endpoint specifically for FedRAMP(Gov cloud) supported environment.Could someone please provide:The correct base URL for making API calls to the FedRAMP cloud instance Confirmation that this specific API endpoint (List user and enterprise events) is supported in the Gov cloud offeringThank you for your assistance! 

I am using a third party system that has worked well for over a month now. I started getting this message, “Item with the same name already exists”   I know the file and folder I am attempting to create on BOX is unique. I have done the standard refresh, reboot, and cleared cache without any success. I am stumped and need to figure out a solution soon and I am getting farther and farther behind. . . .  HelpChris -- 

We have created JWT auth app for Authentication (app_user)app_user - https://developer.box.com/platform/user-types/#app-userQuestion:We have seen in consistent response behaviour in Users Listing API(https://developer.box.com/reference/get-users/)- for some Box Accounts app_user is included , for some its notDoes any settings in Box Account impact this behaviour of Users Listing API  

I have a box app that is using Oauth to authenticate.  Our users have to log in individually to get access to my app.  When I capture the user id using client.users.get_user_me().loginit returns the user id of the developer that setup the platform app.  Is there anyway to capture the user id as they are authenticating?  

Hi I  want to get an API to allow my Vercel user interface page to select files in some folders in Box, how do I do that? I do not write script, there must be a simple way of doing this?

I created a Box app with the my app’s public key and then authorized it Then deleted the Box app and created a new one In the new app it did not allow me to use that public key (even though there were no other apps using it); probably because the authorization was still in place (even if attached to a deleted app) and to delete the authorization I had to email the Box support. I decided to completely delete my account. however, when I tried to create a new app in a new account, it still showed the same error: apparently it is a rule across all Box app public keys. So, now I cannot basically create a Box account with my current Bubble app public key. Now, I cannot reactivate my original account since it says: Please email billing@box.com to make changes to your plan.  My questions: 1. How can I login to my deleted account again

Hi, I am trying to implement an e-signature workflow using Zapier. However, current implementation of the Box integration in Zapier does not have any signature-related triggers/actions.  Some apps have a generic "API Request" action (example below) but unfortunately box does not.   Is there any way to access the signatures API through Zapier? Thanks in advance.

Are there any sample code snippets or documentation on how to set up the API to upload documents? Any help would be appreciated. I searched and didn't find what I needed, just marketing material.

Current State:The downscoped token used for this has the permission for “base_explorer item_delete item_download item_upload item_preview” The app that’s being used has Co-Owner permission as well.  The Content Explorer renders based on the following settings:  We had a response Interceptor to the Box Content Explorer, but even after removing that and using OOB Box Content Explorer functionality, the download doesn’t work. I would only get something if I were to manually copy paste the download link from the response to a browser:   The download doesn’t work, neither does Preview I’

I was having the same problem as the following thread:When i try to generate a token by API with the box_subject_type: user, i get this messege: I noticed that i dont have access to an Admin account, but I intent on using the api to upload files to my personal box. Do I have to publish my app before hand? But its to much of a trouble for a simple use. 

Hi,I was looking for a way to delete a user using this method : curl -i -X DELETE "https://api.box.com/2.0/users/$userID?force=true" -H "authorization: Bearer $mytoken"HTTP/1.1 404 Not Founddate: Fri, 13 Jun 2025 10:20:28 GMTcontent-type: application/jsonx-envoy-upstream-service-time: 110box-request-id: 084aa24f457de6630b1c1719f0ffcea0ecache-control: no-cache, no-storestrict-transport-security: max-age=31536000Transfer-Encoding: chunked{"type":"error","status":404,"code":"not_found","help_url":"http:\/\/developers.box.com\/docs\/#errors","message":"Not Found","request_id":"9qmpq2i2dviyjv95"}I have replaced personal data $userID and $mytokenA GET request is working properl

I’ve created the platform app, to list files in the folder shared with me. This app has a “Client Credentials Grant” authentication This app has “Make calls using as-user header” permissionIn my account ( which is an enterprise admin) I have two folders: “XXX” and “My Box Notes”.When I list my root folder using https://api.box.com/2.0/folders/0/items I can only see “My Box Notes”. What should I do to see the “XXX” folder which was shared with me?

Hi there,I'm trying to understand whether it's possible to use the Box API with a free account. I’ve successfully created an application, but it seems like it remains unapproved indefinitely.From what I can tell, without this approval, the API doesn't function properly. Could someone clarify whether free accounts can gain approval for apps or if API access is restricted to paid plans?Thanks in advance for your help!Best regards,  

Hi,I have created an application (2392115) to read the files from a program. It is in status “Pending Authorization”. How long it takes to get approved?  Thanks. 

If I have created an app with client_credentials grant, what happens if the user account with which the app was created gets deleted/removed. Will the app still function? https://support.box.com/hc/en-us/community/posts/360049153294-What-happens-to-custom-apps-created-by-a-user-when-that-user-s-account-is-removed-Above post suggests that the app will be orphaned, and once the collaborator is added to the app, it will function. But my query is mostly related to client_credentials grant app, as I’m using the app creds with box_subject_type as user and box_subject_id as user_id of the user who created the app. If the user gets deleted, will I get invalid grant_credentials error? And can I still use the app with other user’s user_id?

Hi, I’m trying to create an application which will read the content of a box folder, shared with me, on schedule.OAuth client_credentials grant type fit my needs well. I’ve created a platform app with authentication using “Client Credentials Grant” to test the authentication. I’ve tried to obtain the token using the following bash script (it uses httpie) having CLIENT_ID, CLIENT_SECRET, USER_ID set to the appropriate values:CLIENT_ID="client_id"CLIENT_SECRET="client_secret"USER_ID="user_id"http --print=hHbB --form POST https://api.box.com/oauth2/token \ box_subject_type=user \ box_subject_id=${USER_ID} \ client_id="${CLIENT_ID}" \ client_secret="${CLIENT_SEC

Hello we need to temporarily raise our rate limit so we can bulk create and permission box folders to onboard a large new customer

I have a list of users for whom I need to change status from Active to Inactive. Is there any way to do this in bulk?