Hi there, this is expected.
It all depends on which user are you authenticating with CCG. Note the small print where it says
Access to content is further restricted by the users’ permission and Access Token used.
Here are some scenarios.
Using:
box_subject_type = enterprise
box_subject_id = 877840855
curl --location 'https://api.box.com/2.0/users/me?fields=id%2Ctype%2Cname' \
--header 'Authorization: Bearer j5...Vg' \
Outputs
{
"type": "user",
"id": "20706451735",
"name": "CCG"
}
and the root folder items:
curl --location 'https://api.box.com/2.0/folders/0/items' \
--header 'Authorization: Bearer j5...Vg' \
outputs:
{
"total_count": 0,
"entries": [],
"offset": 0,
"limit": 100,
"order": [
{
"by": "type",
"direction": "ASC"
},
{
"by": "name",
"direction": "ASC"
}
]
}
This means the service user CCG
has no files in their root folder.
Any account wont be able to see content from another account unless it has been explicitly shared between them.
However service account have a super power, they can impersonate another managed user.
You can do this 2 ways, use the as-user
header to impersonate another user, or login directly with that user, if you have these configurations active:
Let’s start with the `as-user’:
curl --location 'https://api.box.com/2.0/users/me?fields=id%2Ctype%2Cname' \
--header 'as-user: 18622116055' \
--header 'Authorization: Bearer j5...Vg' \
Outputs:
{
"type": "user",
"id": "18622116055",
"name": "Rui Barbosa"
}
Listing root folder items:
curl --location 'https://api.box.com/2.0/folders/0/items?fields=id%2Ctype%2Cname' \
--header 'as-user: 18622116055' \
--header 'Authorization: Bearer j5Vg' \
Outputs:
{
"total_count": 31,
"entries": [
{
"type": "folder",
"id": "220421706333",
"etag": "0",
"name": "A_Class"
},
...
{
"type": "file",
"id": "1010742636771",
"etag": "1",
"name": "This is a box note.boxnote"
},
{
"type": "web_link",
"id": "22625801630",
"etag": "0",
"name": "Shared Folder - GBP Order Forms"
}
],
"offset": 0,
"limit": 100,
"order": [
{
"by": "type",
"direction": "ASC"
},
{
"by": "name",
"direction": "ASC"
}
]
}
Similar results can be obtained if you get the token for the CCG app using:
box_subject_type = user
box_subject_id = 18622116055
curl --location 'https://api.box.com/2.0/users/me?fields=id%2Ctype%2Cname' \
--header 'Authorization: Bearer Maf...cpY'
Outputs:
{
"type": "user",
"id": "18622116055",
"name": "Rui Barbosa"
}
If you are using one of our SDK’s, they have built in support for both the as-user
and the box_subject_type
Let us know if this helps, cheers!