Skip to main content
  • EN

◆Background
We provide a service that displays a list of folders in Box and uploads files specified by the customer. We received an inquiry from a customer regarding the following issue:
On 8/21, 8/26, and 8/29, the service was temporarily unavailable due to an error. It was restored over time and became usable again. What could be the cause of this?

◆Our Investigation Results
Upon investigating our application logs, all incidents were due to the following error:
HTTP Status: 403
Response: "error":{"code":"AccessDenied","debugMessage":"{\"error\":\"service_blocked\",\"error_description\":\"The application is blocked by your administrator\"}"

◆Executed API
POST https://api.box.com/oauth2/token
The error occurred during the refresh of the access token.

◆Questions
1. Under what circumstances would an administrator temporarily block access?
2. Are there any specific settings in the customer's Box administrator configuration that we should check?

◆Additional Information
If a Box administrator had prohibited third-party applications, the error should occur consistently, so we do not understand why it would be restored over time. Additionally, this issue has only occurred with one specific customer and has not been reported by any other customers using Box.

Hi @SIOS Covas 👋 Welcome to Box community!

One of two things may be happening:
🔸 Either the Admin has enabled a feature that blocks unpublished applications, unless explicitly identified by the API Key/Client ID
🔸 Or, you may be missing a critical step in the setup of a Server Authentication JWT-based application.

If the setting to disable unpublished application is enabled the Admin will want to whitelist your application by adding its API key just above the "Custom Applications" section in an area labeled "Application Settings".

From here, the Admin will see if the option to "Disable apps by default" is enabled next to Unpublished Applications and will be presented with a form field to enter the API Key/Client ID of your application.

The latter requires that the Admin grants access to your application from the Admin Console. You may visit our article on Authentication with JWT.

In the event that you need further assistance, you may submit a support ticket here to get in touch with our Product Support. 😎

Hi @JeyBueno Box 

Thank you for your response.

Our app is created with "OAuth 2.0." We will have the customer check their settings for blocking unpublished applications.

However, the following question remains unresolved, so please let us know if there are any other settings that could be causing this issue.

◆Question
If a Box administrator had prohibited third-party applications, the error should occur continuously.

We do not understand why the error is resolved over time.

Normally, the app is usable, but occasionally the error "The application is blocked by your administrator" occurs temporarily.

Reply


Terms & ConditionsCookie settings