API

Hi All. I am working on downloading some files and folders from box. I have two apps, one created back in 2022 and one created last week. The two apps have identical setup (apart from the old one having the “App Details” option set to “Select an option”),When attempting to download the files with the old one all is good and the files are downloaded. However when I use the new one I receive the following response for downloading the files: “access_denied_insufficient_permissions”.It is very odd as they use the same code to generate the auth token and url (files/{fileId}/content). As mentioned the permissions are the same:Authentication method: OAuth 2.0 with JSON Web Tokens(Server Authentication); App Access Level: App + Enterprise Access; Application scopes: All selected; Advanced features: All selected;Both apps are authorized.I even added a check with url: “/files/{field.id}?fields=permissions,c

Hi Box Support / Community,I’m working on a Box integration where I need to programmatically retrieve only all files and folders that were modified within a given date range — for example, from 2025-06-22 to 2025-06-28.What I’ve Tried: 1. Search API with updated_at_rangeI referred to the SDK documentation here:📖 Box Python SDK Search Query DocumentationExample:search_results = client.search().query( query='S',ancestor_folder_ids=[folder_id],updated_at_range=('2025-06-22T00:00:00Z', '2025-06-28T23:59:59Z'))Issue:This still returns records whose modif

(en)Hi, I'm a Box user in Japan and I'm researching integrations with the Box AI API for Hubs.What kind of error response will be returned when the maximum number of calls per user account in the Box AI API is reached?--(ja)こんにちは、日本のBoxユーザです。Box AI API for Hubsとの統合機能の調査をしています。Box AI APIのユーザアカウント毎のコール数の上限に到達した場合、どのようなエラーレスポンスが返却されますか？ 

Hi community,I'm looking for the base URL to access the List user and enterprise events API endpoint specifically for FedRAMP(Gov cloud) supported environment.Could someone please provide:The correct base URL for making API calls to the FedRAMP cloud instance Confirmation that this specific API endpoint (List user and enterprise events) is supported in the Gov cloud offeringThank you for your assistance! 

I am using a third party system that has worked well for over a month now. I started getting this message, “Item with the same name already exists”   I know the file and folder I am attempting to create on BOX is unique. I have done the standard refresh, reboot, and cleared cache without any success. I am stumped and need to figure out a solution soon and I am getting farther and farther behind. . . .  HelpChris -- 

We have created JWT auth app for Authentication (app_user)app_user - https://developer.box.com/platform/user-types/#app-userQuestion:We have seen in consistent response behaviour in Users Listing API(https://developer.box.com/reference/get-users/)- for some Box Accounts app_user is included , for some its notDoes any settings in Box Account impact this behaviour of Users Listing API  

I have a box app that is using Oauth to authenticate.  Our users have to log in individually to get access to my app.  When I capture the user id using client.users.get_user_me().loginit returns the user id of the developer that setup the platform app.  Is there anyway to capture the user id as they are authenticating?  

Hi I  want to get an API to allow my Vercel user interface page to select files in some folders in Box, how do I do that? I do not write script, there must be a simple way of doing this?

I created a Box app with the my app’s public key and then authorized it Then deleted the Box app and created a new one In the new app it did not allow me to use that public key (even though there were no other apps using it); probably because the authorization was still in place (even if attached to a deleted app) and to delete the authorization I had to email the Box support. I decided to completely delete my account. however, when I tried to create a new app in a new account, it still showed the same error: apparently it is a rule across all Box app public keys. So, now I cannot basically create a Box account with my current Bubble app public key. Now, I cannot reactivate my original account since it says: Please email billing@box.com to make changes to your plan.  My questions: 1. How can I login to my deleted account again

Hi, I am trying to implement an e-signature workflow using Zapier. However, current implementation of the Box integration in Zapier does not have any signature-related triggers/actions.  Some apps have a generic "API Request" action (example below) but unfortunately box does not.   Is there any way to access the signatures API through Zapier? Thanks in advance.

Are there any sample code snippets or documentation on how to set up the API to upload documents? Any help would be appreciated. I searched and didn't find what I needed, just marketing material.

Current State:The downscoped token used for this has the permission for “base_explorer item_delete item_download item_upload item_preview” The app that’s being used has Co-Owner permission as well.  The Content Explorer renders based on the following settings:  We had a response Interceptor to the Box Content Explorer, but even after removing that and using OOB Box Content Explorer functionality, the download doesn’t work. I would only get something if I were to manually copy paste the download link from the response to a browser:   The download doesn’t work, neither does Preview I’

I was having the same problem as the following thread:When i try to generate a token by API with the box_subject_type: user, i get this messege: I noticed that i dont have access to an Admin account, but I intent on using the api to upload files to my personal box. Do I have to publish my app before hand? But its to much of a trouble for a simple use. 

Hi,I was looking for a way to delete a user using this method : curl -i -X DELETE "https://api.box.com/2.0/users/$userID?force=true" -H "authorization: Bearer $mytoken"HTTP/1.1 404 Not Founddate: Fri, 13 Jun 2025 10:20:28 GMTcontent-type: application/jsonx-envoy-upstream-service-time: 110box-request-id: 084aa24f457de6630b1c1719f0ffcea0ecache-control: no-cache, no-storestrict-transport-security: max-age=31536000Transfer-Encoding: chunked{"type":"error","status":404,"code":"not_found","help_url":"http:\/\/developers.box.com\/docs\/#errors","message":"Not Found","request_id":"9qmpq2i2dviyjv95"}I have replaced personal data $userID and $mytokenA GET request is working properl

I’ve created the platform app, to list files in the folder shared with me. This app has a “Client Credentials Grant” authentication This app has “Make calls using as-user header” permissionIn my account ( which is an enterprise admin) I have two folders: “XXX” and “My Box Notes”.When I list my root folder using https://api.box.com/2.0/folders/0/items I can only see “My Box Notes”. What should I do to see the “XXX” folder which was shared with me?

Hi there,I'm trying to understand whether it's possible to use the Box API with a free account. I’ve successfully created an application, but it seems like it remains unapproved indefinitely.From what I can tell, without this approval, the API doesn't function properly. Could someone clarify whether free accounts can gain approval for apps or if API access is restricted to paid plans?Thanks in advance for your help!Best regards,  

Hi,I have created an application (2392115) to read the files from a program. It is in status “Pending Authorization”. How long it takes to get approved?  Thanks. 

If I have created an app with client_credentials grant, what happens if the user account with which the app was created gets deleted/removed. Will the app still function? https://support.box.com/hc/en-us/community/posts/360049153294-What-happens-to-custom-apps-created-by-a-user-when-that-user-s-account-is-removed-Above post suggests that the app will be orphaned, and once the collaborator is added to the app, it will function. But my query is mostly related to client_credentials grant app, as I’m using the app creds with box_subject_type as user and box_subject_id as user_id of the user who created the app. If the user gets deleted, will I get invalid grant_credentials error? And can I still use the app with other user’s user_id?

Hi, I’m trying to create an application which will read the content of a box folder, shared with me, on schedule.OAuth client_credentials grant type fit my needs well. I’ve created a platform app with authentication using “Client Credentials Grant” to test the authentication. I’ve tried to obtain the token using the following bash script (it uses httpie) having CLIENT_ID, CLIENT_SECRET, USER_ID set to the appropriate values:CLIENT_ID="client_id"CLIENT_SECRET="client_secret"USER_ID="user_id"http --print=hHbB --form POST https://api.box.com/oauth2/token \ box_subject_type=user \ box_subject_id=${USER_ID} \ client_id="${CLIENT_ID}" \ client_secret="${CLIENT_SEC

Hello we need to temporarily raise our rate limit so we can bulk create and permission box folders to onboard a large new customer

I have a list of users for whom I need to change status from Active to Inactive. Is there any way to do this in bulk?

I am creating a workflow from our website. I have set up the necessary Developer tokens and IDs and submitted for authorisation but it has been over a day and no response. I am unable to move forward with the integration without the authorisation.Any assistance would be much appreciated. This is the message I am getting from my account! 

Problem StatementThe /events API, when used with the stream_type parameter set to admin_logs or admin_logs_streaming, returns limited metadata in the source field — typically including only basic attributes like id, name, parent, and owned_by.However, when the same endpoint is used without explicitly setting the stream_type parameter (which defaults to all), the source field includes significantly more detailed information. This includes attributes like path_collection, file_version, timestamps (created_at, modified_at, etc.), and ownership metadata. Proposed Enhancement We request that the /events API be enhanced to return a more complete source object structure across

Hi, I hope I'm not asking what I've already asked in another post, but I couldn't find it.I'm a bit lost regarding the best option for implementing automatic access to the Box API from a backend program (I only want to download a file every so often).Since it will be automated, I also need the token generation to be automated (if applicable), but using OAuth2.0 makes things more complicated because the refresh_token is dynamic, the auth code to generate it is also dynamic, and I haven't found a way to generate each one through code or CURLs.I have a way to store client_id, secret_id because they don't change, but I can't save dynamic values, I would need to generate them all in session, at the moment.For the account I want to implement it is enterprise.Thanks