Skip to main content

Regarding Unable to upload files using access token generated using client credentials


Hi Team,


I am facing issue while uploading file to folder, I am having collaborator access for uploading file to a folder. My colleague has added me as collaborator (Admin) in app. When using Developer Token of that app I am able to upload file on folder, but when generating Access Token and using it to upload it gives me below error:

Error when uploading using Generated Access Token:

{

“type”: “error”,

“status”: 404,

“code”: “not_found”,

“context_info”: {

“errors”: [

{

“reason”: “invalid_parameter”,

“name”: “parent”,

“message”: “Invalid value ‘d_244280116703’. ‘parent’ with value ‘d_244280116703’ not found”

}

]

},

“help_url”: “http://developers.box.com/docs/#errors”,

“message”: “Not Found”,

“request_id”: “6sq71ghlvfufpj1r”

}


I am generating token using client credentials and authentication for my app is OAuth 2.0


Can someone tell me what is issue or what i am missing in this implementation?

Thanks

7 replies

rbarbosa Box
  • Developer Advocate
  • 553 replies
  • January 17, 2024

Hi @user171 , welcome to the forum.


Client Credentials Grant (CCG) has the capability of using both a service account or a user account.


With the information you sent it seems you may be using the service account which might not have access to the folder.


When you create a developer token, they are always associated with the user who created them, so that would work.


When you request a new access token for the CCG app, check to see if your are requesting for a service account or your user. For example


curl --location 'https://api.box.com/oauth2/token' \

--header 'Content-Type: application/x-www-form-urlencoded' \



--data-urlencode 'grant_type=client_credentials' \

--data-urlencode 'client_id=<MY CLIENT ID>' \

--data-urlencode 'client_secret=<MY CLIENT SECRET>' \

--data-urlencode 'box_subject_type=enterprise' \

--data-urlencode 'box_subject_id=877840855'


Returns this:


{

    "access_token": "XeF...P9",

    "expires_in": 3884,

    "restricted_to": [],

    "token_type": "bearer"

}


Let’s check who is logged in:


curl --location 'https://api.box.com/2.0/users/me?fields=id%2Ctype%2Cname%2Clogin' \

--header 'Authorization: Bearer XeF...P9'


Results in:


{

    "type": "user",

    "id": "20706451735",

    "name": "CCG",

    "login": "AutomationUser_1803368_9rbDFPFJSf@boxdevedition.com"

}


Now let’s try the same but request a CCG access token for my user:


curl --location 'https://api.box.com/oauth2/token' \

--header 'Content-Type: application/x-www-form-urlencoded' \

--data-urlencode 'grant_type=client_credentials' \

--data-urlencode 'client_id=<MY CLIENT ID>' \

--data-urlencode 'client_secret=<MY SECRET>' \

--data-urlencode 'box_subject_type=user' \

--data-urlencode 'box_subject_id=18622116055'


Results in:


{

    "access_token": "B4...Ww",

    "expires_in": 4222,

    "restricted_to": [],

    "token_type": "bearer"

}


Checking the logged in user:


curl --location 'https://api.box.com/2.0/users/me?fields=id%2Ctype%2Cname%2Clogin' \

--header 'Authorization: Bearer B4...Ww' \


Results in:


{

    "type": "user",

    "id": "18622116055",

    "name": "Rui Barbosa",

    "login": "myemail@gmail.com"

}


Let us know if this worked. If not then we need to check your application configurations.


Also, whenever you change a CCG application configuration you must re-submit it for administrator approval. (I always forget this one. 😉 )


Cheers


  • Author
  • New Participant
  • 3 replies
  • January 18, 2024

Hi @rbarbosa ,

As per your provided code sample I have tried same approach using postman, but I am unable to fetch user details with generated token, below error is encountered:


{

    "type": "error",

    "status": 404,

    "code": "not_found",

    "context_info": {

        "errors": [

            {

                "reason": "invalid_parameter",

                "name": "user",

                "message": "Invalid value 'u_2'. 'user' with value 'u_2' not found"

            }

        ]

    },

    "help_url": "http://developers.box.com/docs/#errors",

    "message": "Not Found",

    "request_id": "yciiehhlxs1i8htg"

}


Please clarify do we need approval for user created apps from Admin?

Also, is there any way to use Box API without our Admin Approval?


rbarbosa Box
  • Developer Advocate
  • 553 replies
  • January 18, 2024

I think I maybe misunderstanding the situation.


Let’s try to go step by step.


When you got to the developer console, can you paste a screenshot of the configurations?


Here is mine:



And I have all the scopes selected:



Also what do you get when you hit the https://api.box.com/2.0/users/me end point?


Cheers


  • Author
  • New Participant
  • 3 replies
  • January 19, 2024

Sure, Please find below configurations of mine:


App Access Level: App Access Level

Below is the response of https://api.box.com/2.0/users/me end point:


{

    "type": "error",

    "status": 404,

    "code": "not_found",

    "context_info": {

        "errors": [

            {

                "reason": "invalid_parameter",

                "name": "user",

                "message": "Invalid value 'u_2'. 'user' with value 'u_2' not found"

            }

        ]

    },

    "help_url": "http://developers.box.com/docs/#errors",

    "message": "Not Found",

    "request_id": "rkpaamhlz0022co0"

}


Thanks

Jahanvi


rbarbosa Box
  • Developer Advocate
  • 553 replies
  • January 19, 2024

Hi Jahanvi,


Can you share the authentication method of your app so I can try to replicate your use case?


Mine is:



  • Author
  • New Participant
  • 3 replies
  • January 22, 2024

Hi @rbarbosa,

Please find attached screenshot for authentication method.


Thanks

Jahanvi


rbarbosa Box
  • Developer Advocate
  • 553 replies
  • January 23, 2024

Hi Jahanvi,


Something is off and I can’t identify what…


I’ve created a CCG App access only, check everything and I am able to query the current logged in user.





curl --location 'https://api.box.com/2.0/users/me?fields=id%2Ctype%2Cname%2Clogin' \

--header 'Authorization: Bearer Rd...bi'


Resulting in:


{

    "type": "user",

    "id": "31499781476",

    "name": "CCG APP Level",

    "login": "AutomationUser_2199662_F1nQzjOmkM@boxdevedition.com"

}


So I suspect you haven’t authorized the app yet…


On the top level flip to the authorization tab:


And select review and submit.


Then goto the administrator console and approve the app:


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings