API

Hello! Has anyone used the no code platform n8n to create workflows? I am currently working on an image tagging workflow that would trigger when a folder is created in a specified box location, and then send those images to be tagged and then update the metadata being stored in a json file. When I create actions in the workflow like get files or get folders, I have no issues. But when I use a box trigger node to start the workflow, I get the following error message : Forbidden - perhaps check your credentials? Show Details Box Trigger: 403 - “”

There are several apps in our Box environment that I need to have deleted. I have them disable but our information security team wants them deleted. How do I go about getting them removed ASAP?

Dear Box Developer Support Team,I hope you are doing well.We are currently using the Box.V2 .NET SDK in our C# application to fetch files and folders from Box.We have a requirement to retrieve all files and folders within a specific date range (e.g., created or modified date) without providing any keyword in the search query.Our goal is to filter Box content by date range only — for example, all items modified between 2025-01-01 and 2025-01-31 — without specifying a search term.Below is the code snippet we are currently using: var searchParams = new BoxSearchRequest(){    Query = "", // No keyword    ContentTypes = new List<string> { "name", "description", "file_content" },    FileExtensions = null,    CreatedAtRangeFromDate = new DateTime(2025, 01, 01),    CreatedAtRangeToDate = new DateTime(2025, 01, 31),    Limit = 1000,    Offset = 0};var searchResults = await client.SearchManager.SearchAsync(searchParams); However, when we omit the keyword (Query = "" or null), the API eithe

I am trying to get data after Selected Date in selected Folder I am using dll with Below Code in C#  searchTermFiles = boxClient.SearchManager.QueryAsync(          query: keyword,                             // Names, descriptions, text contents of files, and other data          ancestorFolderIds: null,                          // Searches to specific parent folders          contentTypes: new[] { "file_content", "name" },                       // Can be name, description, file_content, comments, or tags          limit: limit,                                                 // The default is 30 and the maximum is 200                                    type: "file",                                                 // Can be file, folder, or web_link,          scope: "user_content",          //fileExtensions: new[] { "docx" },          //createdAfter: isFirstTimeScan ? null : DateTimeOffset.Parse(keywordCollection.ModificationDate.ToString()),          //createdBefore: DateTimeOffset.Parse

We are developing a third-party API in-house, and we’ve encountered an issue where, under certain conditions, file uploads via the API result in errors, preventing all files from being uploaded successfully. We would like to determine whether this issue is caused by our application or by specific limitations of the API.To investigate, we generated an API report using the "App Diagnostics" feature on the developer console for our API app at "https://xxxxx.app.box.com/developers/console/app/xxxx". In the report, we found a section labeled "HTTP Status", which showed error statuses such as 400, 409, and 499.However, the list of Box API HTTP status codes available at https://developer.box.com/guides/api-calls/status-codes/ does not provide detailed explanations for these errors. Based on this information, is there any insight into what kind of errors might be occurring? Could it be that we are hitting the API rate limits?

Hello all, I am using the Box API to upload files, which is working fine. But I would like to know is there a way to retrieve the “direct link” from the same api? And how would I set the sharing permissions so that my web app can access the file? My use case is:1- Upload an image using the box API.2- Retrieve the image URL.3- Use the image URL in a web app. (as an image source)Current issues:1- No clear way to generate the direct link from the API. It seems I have to share it in another API call. Or download it every time a user wants to preview it on the web app.2- No clear way to set CORS/viewing permissions without authenticating each user. (I would like to use my service account). What I’m looking for:-Add a property that automatically shares the file when it’s uploaded in the same API.-Have a whitelist for the web app domain or a way to allow it to preview without making the links public. Thank you!

We are receiving a 500 server error when attempting a upload using the BOX API. Is any one else experiencing the same? Our application have not changed and have been working as of yesterday. Here is the error we are getting:{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred"}

i got empty error message and i dont know why 

Good afternoon,Hope everyone was able to catch Boxworks today.Is there an easy way to utilize List enterprise users from the API to populate a user MetaData collection?The idea is that the users exist in Box and having to manually add users to the metadata collection is inefficient.  Thanks in advance,Rob

Good day, I have been tasked with automating a file upload to box with Power Automate. If the dated directory doesn’t exist in box to upload the file to then my process must create the directory first. I don’t see any “Create Folder” action in Power Automate for the Box connector - How can I create a folder in box with Power Automate?My box account has the necessary permission to create folders (I’ve tested on box website) but I  need to automate this through Power Automate Desktop but I don’t see the action to so

When calling “Create Folder (https://developer.box.com/reference/post-folders/)”,an HTTP status 403 error was returned with:code: access_denied_insufficient_permissionsmessage: Access denied - insufficient permissionThe API documentation states:403This error is returned when the user lacks the necessary access permissions to perform this action. This may be because the user lacks access to the folder or its parent folder, or the application lacks write permissions for files and folders.However, in this case, what specific permission was lacking?

im having issues with the API, previously i used sign request sandbox which worked great and my portal was pulling data and adding it to the agreements before sending, when trying to add the prefill tags its not pulling the data and then sending the agreement, basically box is refusing the prefill tags being added before sending the document, does anyone know if this is possible for the API to add text tags from my platform to be added to an agreement then be sent for signature ?

Hello Team,We have successfully configured the Box Authorization Service and are able to collect data from Box accounts that have a small number of collaborators (less than 5).However, when attempting to collect from accounts with a large number of collaborators (for example, 92K or 140K), the collection fails after about 5–10 minutes with the following error:Error: “Error loading evidence file”Upon logging the exception details, we observed the following:Exception Type: System.Net.WebExceptionMessage: The operation has timed outDetails: Box Authorization Service: Configured and validated successfully Works as expected for low collaborator counts Fails consistently for high collaborator counts (tens of thousands) Error occurs during the collection phase after several minutes Exception indicates a possible timeout or performance limitation Request for Guidance: Are there known limitations or thresholds in Box when handling accounts with a very large number of collaborators? An

I am trying to run self hosted mcp server using CCG but to get tokens I need a server authentication app to run it on an azure web app as a container. My account is on box free trial.Issue-I can’t authorize the platform app as server authentication. Would be also interested to know what solution other people came up with to get pass this obstacle.

Hi everyone,I'm trying to integrate Box with WatsonX Orchestrate, and I’ve run into an issue I hope someone can help me with.Here’s my setup:I created a Box application using OAuth 2.0 with Client Credentials Grant (Server Authentication). The application has already been approved by the Box administrator. I’m attempting to connect this Box app to WatsonX Orchestrate. However, when I try to establish the connection from WatsonX Orchestrate, I get the following error:redirect_uri_mismatchI understand that this error typically means the redirect URI used in the authentication flow doesn’t match what’s registered in the Box Developer Console. But since I’m using Client Credentials Grant, there shouldn’t be a redirect URI involved, right?Has anyone successfully connected Box to WatsonX Orchestrate using this method?Do I need to configure a redirect URI anyway, or is there something specific WatsonX expects?Any guidance or examples would be greatly appreciated. I’d love to learn from others

We are using Box from the user's perspective. We have an Enterprise license.It seems that the SFTP feature has been implemented, so I tried to check the connection because I want to use it for our regular operations, but it appears to be denied with 'Permission denied'.I would like to contact the Box administrator, but is there any permission setting that needs to be configured on the administrator side?ー　ー　ーboxをユーザ側の立場で利用しています。enterpriseライセンスです。SFTPの機能が実装されたということで、普段の運用業務で利用したいと思い接続確認してみましたが、Permission deniedで拒否されてしまうようです。box管理者に問い合わせしたいのですが、管理者側で何か許可設定をする必要はあるのでしょうか。

I’m an admin trying to transfer files from one user who has left our organization to her supervisor… however… I am getting an error "Source User is locked" with the API or “...is in another operation” when attempting to move files or change the folder owner in Box -- it’s been several days and it just never changes. I’ve tried several things and tried waiting for days -- but this is just a weird account that won’t budge.

Hi all — looking for guidance and confirmation on a BC/DR pattern for Box SSO.Current state (redacted): Box Enterprise with SAML SSO enabled. Primary IdP = a third-party SAML provider (not Okta). “SSO Required” is OFF so password logins remain possible. Two Box admin accounts have SSO bypass enabled and strong passwords (tested at https://account.box.com/login). A standby Okta SAML configuration is pre-staged in Enterprise Settings → Authentication (uploaded Okta IdP metadata & SHA-256 signing cert). Okta app uses NameID = EmailAddress; app username = email; standard givenName/sn claims. No change to the production IdP yet—we only want an emergency fallback. SCIM provisioning from Okta is not enabled (SSO only). What we want to do during an IdP outage: Admins enter via password (SSO bypass). Optionally flip SSO Provider in Box from the primary IdP → Okta to keep SSO for users. Keep SSO Required = OFF during the flip; validate with pilots; later flip back to the prim

I’m trying to confirm whether or not Box development could support setting up an SFTP server with Elliptic Curve Digital Signature Algorithm (ECDSA), such as using Server-side authentication using JSON Web Tokens (JWT).  And if so can anyone estimate the effort and/or point me to relevant examples or docs? I know that SFTP is supported with a user password (not SSO) per Box docs, but the financial services client I’m working has security stipulations allowing SFTP but only with key pair authorization (ECDSA preferred). I’m otherwise looking at setting up a basic Azure blob storage SFTP but they don’t support ECDSA specifically, and our teams already use Box for internal project document storage and sharing, so Box would be a preferred method for us if it’s possible. Overall goal is to be able to securely share files back and forth with external clients without requiring Box user licenses and access for those clients individual team members for short-term projects (their security team w

I am using a free account and want to generate access token from client credentials without browser login just through api calls.

The OAuth 2.1 “spec” simplifies some of the OAuth 2.0 specifications (e.g. eliminates those that are no longer considered secure, etc). One of the things OAuth 2.1 suggests is using PKCE even for Confidential (Server Side Clients). Here’s what OAuth 2.1 says, " PKCE is required for all OAuth clients using the authorization code flow" I don’t see any mention of PKCE in the Box documentation. Can you tell me if PKCE is being considered for future Box authentication?

Hi - Has there been any change or update to the BOX SFTP? I was able to connect to BOX via SFTP on Thursday, but since Friday I’ve been receiving the error ““Failed: Interactive authentication announced but rejected”. Our login credentials have not changed. I followed the below link to setup the connection.https://urldefense.com/v3/__https://support.box.com/hc/en-us/articles/ [removed by moderator] -Using-Box-with-SFTP__;!!NFWRZ6kECLqu!phiDSBMaKKLIQkISKivtTPZYrj23HEG8wLvWvYQ7EtkrwGihuhmkKAxBQanR5ATwNDCndxzRxby5xEylRR87YSbL$Thank you,Supritha.

Hi everyone, I’m looking to use the Box CLI Scripts to bulk delete Open links in Box in certain folders. I looked at the list of properties you can attach to the string and see nothing that specifies to target Open links, is there a way I can do that or is the script set to delete everything in the folder? Help would be appreciated :)

Hello,I’m facing an issue with Box Sign API: I upload a file via API and create a Sign Request — API responds successfully, but the sign email is not sent. If I upload the same file manually in the same folder and create a Sign Request, the email is sent. Question: How can I make API-uploaded files trigger the sign email automatically, like manually uploaded files?

Hi Box Team,I have a question regarding how API calls are counted towards the license-based rate limit when downloading a file.According to the File Download Guide, when I download a file, the SDK (or my app) first sends:GET https://api.box.com/2.0/files/{file_id}/contentThen Box responds with a 302 redirect, and my client follows it by making:GET https://dl.boxcloud.com/d/1/[long-random-string]/downloadMy questions are:  How many API calls are counted towards the license-based rate limit in this scenario — just the initial GET /files/{file_id}/content request, or both the API request and the subsequent dl.boxcloud.com download request? If the initial API request results in a 429 (rate limit exceeded) response, does this 429 request itself count against the license-based API call allocation? Thanks in advance for clarifying!