All things API and SDK related
Recently active
I want to create a python script that grabs data from SQL Server, creates a csv, and drops it into my box.com folder automatically. I can do this with a developer token, but that expires after 60 minutes.The issue is that I have a enterprise_id of 0. Company A uses box.com and they are getting data from a bunch of Companies like mine. So they instructed me (Company B) to create a free personal account and they shared a folder with me that I can dump my data into.I have to drop data in weekly, and setting up an automated process would be best. I created a developer account and got a developer token and was successful in a test. But I need a token that lasts longer, and I am reading that JWT does not work with enterprise_ids of 0. OAuth doesn’t really apply to my situation.Is there anything I can do to automate this process?
Will keep it short and sweet. I am looking to build a folder structure traversal UX that includes search/sort/filtering capabilities. e.g.Find me files with metadata attribute == X in folder YIt doesn’t seem like this is possible today. There are three APIs in questionGet Folder ItemsSearchMetadata Query Search and Metadata Query do not have the ability to only search within a single folder. Get Folder Items is limited in it’s filtering capabilities. It seems like an attribute I would expect in the metadata query filter options. ancestor_folder_id does not look at just a single folder, it looks at all folders below, which means we cannot recreate the folder structure navigation experience without serious server interception (prohibitively expensive). Has anyone solved this? Is this a known issue in the API offering?
I am trying to integrate IBM Box with IBM Bob IDE using MCP to query files and folders from Box in real time. Here is what I have done so far: Created a Platform App in Box Developer Console - Selected Server type with Client Credentials Grant - Configured mcp_settings.json in Bob.Issues I am facing:1. Package @box/box-ai-agent-toolkit-mcp returns 404 on npm — does not exist2. App status is Disabled — pending IBM enterprise admin approval3. Developer Token option is greyed outQuestions:1. What is the correct npm package name for Box MCP Server?2. Does Box MCP officially support IBM Bob IDE?3. How to get enterprise Box app approved faster?4. Is there an alternative way to connect Box to Bob without admin approval?Any guidance would be really helpful!
We created a Box Platform App using JWT server authentication. The app is configured as App Access Only, not App + Enterprise Access, and the authorized scope currently shown is “Read all files and folders stored in Box.”The JWT token authenticates as the app’s Service Account / Automation User. In our case, the token identifies as:Name of automation serviceE-mail of automation serviceWhat is confusing is that we have not intentionally collaborated that Service Account onto the target folder or any parent folder. The folder and test Excel files were created by my sandbox admin user, not by the Service Account. Despite that, when we call the Box API with the JWT Service Account token and provide the folder ID, the app can list the folder contents and read file/folder metadata.For example, it can see the folder and files and read metadata such as owner, creator, file name, file ID, permissions, etag, etc. The metadata shows the folder/file is owned and created by my sandbox user, not the
Hi everyone,I have used Box Microsoft Sentinel Codeless Connector (CCP) connector which uses the REST API Poller to ingest Box Enterprise Events.The connector authenticates using the Client Credentials Grant against the Box OAuth endpoint.OAuth EndpointPOST https://api.box.com/oauth2/tokenGrant Typeclient_credentialsAdditional Parametersbox_subject_type=enterprisebox_subject_id=<Enterprise ID>The connector configuration is similar to:"auth": { "type": "OAuth2", "grantType": "client_credentials", "TokenEndpoint": "https://api.box.com/oauth2/token"}However, the connector consistently fails.Microsoft Sentinel reports the following error:RES40001Invalid Credential or cannot get credential for example OAuth2 access token.Call failed with status code 429 (Too Many Requests):POST https://api.box.com/oauth2/tokenNote that the credentials used are valid, Microsoft Sentinel Data Connector shows the following:
I can’t change redirect urls, all action fail, can’t add, can’t remove, can’t edit Box Developers Consolewith browser request Box cfg RequestResponse Body
Hi,I have a service account that was invited into a few client’s folders. It was probably renamed and it is under developers console → Platform Apps → Name of app now. I got everything here as Authorized and enabled since Jan 2023. Client changed security and enforces 2FA now, which I do have for my account. If I go to to the Content Manager, I see nothing here. All folders I had access to are gone. From the folder’s perspective I see the automation user as Pending I’m also Co-owner in another folder and I have rights to resend the invitationit says it does sent the email but that email is automatically generated so I assumed it comes to me or ideally all owners of the app as listed here but nope, I didn’t receive anything nor other Admins. How am I supposed to accept the invitation to virtual email that doesn’t exist? My use case is that I want to upload files or create sub-folders in a given folder from our integration application. It is our client’s Box probably as Enterprise and t
I just created a webhook v1 and it says that I need to contact support in order to enable it, but it seems I need to have an Enterprise account in order to contact support in order to enable my webhook v1 for other users?
Using the Box Java SDK v10:During a high volume of uploads I occasionally see a “Stream already closed” exception. This appears to be caused by a retry attempt on a 429 response from the original upload request. It appears that the Box SDK attempts to retry the upload without resetting the stream so the stream has been read. I have written a custom RetryStrategy that resets the stream before a retry and this fixes the issue. It seems like this should be part of the retry code or is this the expected way to handle retry attempts for uploads?
Using Box Java SDK v10:During a high volume of uploads (1000+ files), I occasionally receive a 409 (name_temporarily_reserved) error. When verifying the upload, the file that threw the exception DOES exists in the folder and appears to be uploaded successfully. It looks like the request is receiving a 429 response but retrying too fast (before the original upload is cleaned up)? Seems like an Box issue but I’m not sure how to handle this scenario in my code.
I’m trying to download a file that I created via the API, but keep getting an SSL error. Note that I can download the same file successfully using the API Developer playground, providing just the file ID and my developer token. See curl output below:$ curl -i -L "https://api.box.com/2.0/files/ [removed by moderator] /content" -H "authorization: Bearer <REDACTED_TOKEN>"HTTP/2 302 date: Wed, 11 Mar 2026 12:55:49 GMTx-envoy-upstream-service-time: 259location: <REDACTED_LINK>box-request-id: 07a3f1d1a260e4d0957df37044c38d148cache-control: no-cache, no-storestrict-transport-security: max-age=31536000via: 1.1 googlecontent-length: 0alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000curl: (35) error:0A000126:SSL routines::unexpected eof while reading
I’d like to report that it’s impossible to authorize third party app using Android WebView. All Android apps seem to be affected by that unless they use external browser or Box app for auth. Regular flow should be: Login page → enter credentials → Grant access pageCurrent broken flow is: Login page → enter credentials → Blank page and no authorization code returned I was able to capture error log from js console, I guess this prevents the grant page from showingmain-preload.f0bdd4e4aa.js:69 Uncaught (in promise) TypeError: Cannot read properties of null (reading 'getItem') at 91049 (main-preload.f0bdd4e4aa.js:69:37140) at y (runtime.d0fed8b796.js:2:146219) at 60972 (main-preload.f0bdd4e4aa.js:69:9428) at y (runtime.d0fed8b796.js:2:146219) at 31988 (main-preload.f0bdd4e4aa.js:8:41008) at y (runtime.d0fed8b796.js:2:146219) at 38736 (main.89da41b464.js:1:213) at y (runtime.d0fed8b796.js:2:146219)91049 @ main-preload.f0bdd4e4aa.js:69y @ runtime.d0fed8b796.js:260972
現在ServiceNowとAPI連携を行い、ServiceNow側からAPIを叩いてBOX内にフォルダを作成する仕組みを作成しています。要件の一部に、フォルダに対して22日後に自動削除されるよう設定するという要件があるのですが、調べてみたところ、BOX APIにフォルダ削除日の設定は存在しないという結論に至りました。ただ、私自身BOXの利用経験が浅く情報が最新かどうか判断しかねている次第です。また、存在しない場合どのような代替方法があるかなど、過去に実装経験がある方や知見がございましたらご教示いただきたいです。 よろしくお願いいたします。
I am getting {"type":"error","status":404,"code":"not_found","help_url":"http://developers.box.com/docs/#errors","message":"Authorization Failed","request_id":"redacted"} when I call https://api.box.com/2.0/tasks/{task_id} though I have no issue listing all tasks using the same token with https://api.box.com/2.0/files/{file_id}/tasks
Hi,I need to restricting folder renaming for user after creation. Is there any SDK API available to call or any other option.Thanks
Hi All,Got a client that wants their files on box (previously sftp) and I've gotten the Box CLI to upload files to a folder and will be looking to schedule it on a weekly basis for the client. I'm targeting the folder purely by folder ID using "box files:upload <filename> --parent-id <folder id>” in PowerShell (I know, gross!).The client has their box url branded but not sure how to handle it in the future if we have more clients wanting to use Box. If the clients I need to post to each have their own branded Box URLs (e.g. cmpa.app.box.com/folder/111111, compb.app.box.com/folder/22222 etc).My question is: are folder IDs globally unique across all Box tenants (cmpa, cmpb, cmpc)? In other words, if I upload to folder ID 111111, is it guaranteed to land in that exact folder for client A regardless of whether I previously posted to Client B's 22222 folder with the same box account and token (via CLI)?Are the branded URLs purely cosmetic, with only the folder ID being conside
Has anyone else experienced the Box AI API Q&A endpoint returning 403 issues on all queries since last evening? It seems like the same API calls that were working yesterday are failing as forbidden, even though nothing changed with the App client’s permissions. Already verified the Client ID we are using has access to the file’s were using in the request but now only getting 403 back.
In today’s digital world, education has expanded beyond classrooms. Many parents now prefer online platforms for teaching their children important subjects, including religious education. One of the most effective ways technology is being used is through online Quran learning platforms.These platforms offer: Interactive classes with qualified teachers. Flexible schedules that suit children across different time zones. Digital resources like Noorani Qaida, Tajweed rules, and translation guides. Safe learning environments with parental supervision options. At Quran Kids Online, we provide kids with structured online Quran classes that include Tajweed, memorization, and translation. Our mission is to make Quran learning easy, accessible, and engaging for young learners worldwide.Technology has truly bridged the gap between teachers and students, and with platforms like Box supporting collaboration and education, the future of online learning looks even brighter.Question for the comm
Calling all developers! The Box Developer Platform is evolving rapidly to support the next generation of custom integrations and AI-powered applications.In our latest product roadmap session, we deep-dived into emerging headless interfaces, including connecting AI agents (like ChatGPT and Claude) to your Box instance via the Box MCP Server.We also discussed simplifying the developer experience with the upcoming npm install box command, providing AI unit entitlements for free developer accounts, and making the Box AI agent accessible via Slack and MCP. 📌 Read the full developer breakout summary and watch the session here!
I created a box developer account to investigate how to integrate our customer's Box repository with our tool. Everything went create with Oauth and the developer token, but when I started experimenting with Client Credentials Grant, I simply can't get it to work.When I try to make a request with the client id, client secret and my own user ID, I get:"App is not yet authorized for use"In my console I can see messages like:"Log in or sign up for a Box Developer account to access all of the Developer Console features."Which is something that also pops up at the top of my Developer Console page. Not sure how I can create a Box Developer account since, as far as I can tell, I already have one.
Would the custom agent’s activity be tracked with “BOX_AI_USER_REQUEST”, the same event type as the Box AI chat? Or is it different for custom agents?
Hi Team,I created an Oauth application in box developer console, it is showing status as pending enablement. How can I get it enabled. I need this application as part of automating our workflow. please suggest
We have a Box Co-Admin account with the following permissions enabled: Manage Users Manage Groups View Users' Content Edit Users' Content Log into Users' Account The Co-Admin can successfully impersonate regular managed users using the As-User API.The same Co-Admin can also view another Co-Admin's files and folders through the Content Manager functionality in the Box Admin Console.However, when attempting to access the other Co-Admin's content using the As-User header, the API returns HTTP 403 Forbidden.Questions: Is Co-Admin to Co-Admin impersonation supported through the As-User API? Is the 403 response expected behavior? If Content Manager can view another Co-Admin's content, is there a public API equivalent to Content Manager? Is there a supported way to programmatically access another Co-Admin's content for migration purposes? Any documentation references would be appreciated.
I am having a challenge with the Claude MCP Integration. Has anyone experienced this and has a solution? Claude for Box MCP Integration — File Version Upload FailureIntegration: Claude for Box (Official MCP integration, listed in Box App Center) Issue: The Claude MCP integration is unable to upload new versions of existing files despite being fully authorized. The integration returns a permissions error when attempting to call the Box file version upload API endpoint.Authorization status: The integration shows "Integration Added" in Box with the following granted scopes:Read all files and folders stored in Box Read and write all files and folders stored in Box Manage Docgen Requests Manage AI RequestsExpected behavior: With read/write scope granted, the integration should be able to upload new versions of existing files owned by the authorized user.Question for Box support: Does the Claude for Box MCP app (published by Box in the App Center) have the item_upload scope enabled in its ap
Anytime a user signs and creates a document it’s supposed to trigger my webhook, but that trigger is not happening regardless of what I do.
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.