Box Platform

In my iOS app, I am using UIDocumentPickerViewController to pick a file from a Box Drive file provider. I am using startAccessingSecurityScopedResource on the url I receive and register an NSFilePresenter for this url to get change notifications. When I read the contents of the file, I am using file coordination.  Reading the initial content is working fine. When now however the file is changed on some other machine, I expect a change notification from the file presenter and I should be able to read the fresh data from the updated file. This is however not working. I am only getting fresh data, when I terminate my app and re-pick the file with the UIDocumentPickerViewController.Is this a fundamental limitation of the Box Drive file provider under iOS or is there some secret on how to get fresh data while the app is running?

I'm trying to generate a client secret on my developer account. I have fully set up MFA (see screenshot below). Whenever I try to click "Fetch Client Secret", it redirects me to "https://app.box.com/login/mfa?redirectUrl=/developers/console/app/2363167/configuration&from=dev_console" and I then get the below screenshot. This is a bug, can somebody please help me?

I noticed that there is a change on Jun 24th, 2025 about Enhanced extract agent.Could you please tell me when I can use extract agent successfully in my code？(now when I post request to https://api.box.com/2.0/ai/extract I will get response with 400 bad request)Thank you for your support.

I’m trying to clarify MCP billing.1. Remote Box MCP Server  2. Self‑Hosted Box MCP Server  The Self‑Hosted Box MCP Server uses the Box SDK internally, which makes the underlying API calls. I think this is chargeable.Docs say:• Partner Integration is non-chargeable.  • Custom App is chargeable.For case of remote box mcp server, will the API calls be marked as chargeable or not?

https://api.box.com/2.0/users call fails eventhough right permission set thru developer portal

We have many different organizations using our integration with Box.  All of them except for one obtains and uses OAuth refresh tokens, all day, every day.One organization in particular is complaining about "losing their connection" with Box.  The scenario is that the user has not used their OAuth connection in over an hour, so the OAuth token is expired;  we use the refresh token to obtain a new OAuth token (and new refresh token), but the request fails with the error; "invalid grant"  "Invalid refresh token" It hasn't been 60 days, so that's not the error (that error reports "timeout" which is not what we're seeing.    It's not an attempt to use the same refresh token more than once (we've eliminated that possibility).In other OAuth systems, I know that if the user changes his password that it will invalidate any outstanding OAuth refresh tokens.  Could this be the case here?   Are there any other cases in which would cause an OAuth refresh token to become inv

I'm currently using a Box Individual Plan and I'm developing an integration with ServiceNow using the Box Developer Platform.However, with my current plan, I’m unable to generate the Primary Key and Secondary Key, and I also do not see the Webhooks section available in the admin console or developer settings.https://www.servicenow.com/docs/bundle/yokohama-integrate-applications/page/administer/integrationhub-store-spokes/task/setup-webhook-box-spoke.htmlCould you please confirm:  Does the Box Individual Plan support the use of Webhooks v2 via the API? If not, which minimum Box plan i

While i was working on Box Preservations Im stucked while assigning the Hold policy to user / folder with the following endpoint.https://{{api.box.com}}/2.0/legal_hold_policy_assignmentsPayload: {  "policy_id": "3710887",  "assign_to": {    "type": "user",    "id": "2262844940"  }}The access token was generated with all the scopes mentioned as belowroot_readwrite manage_app_users manage_groups enterprise_content manage_legal_holds manage_legal_hold_policies manage_legal_hold_policy_assignmentspolicy creation is working fine with the app Onna Enterprise [Stage]. But this is failing with error {    "type": "error",    "status": 403,    "code": "access_denied_insufficient_permissions",    "help_url": "

I have recently set up a free Box account. I’m having issue with Requesting a Signature. The request signature box is grayed out. Why? Based on the data for the free account, I should have the ability to send 5 documents for signature per month. I have not routed any documents for signatures in July. Please advise. Upon logging in with my EDGE Browser, this is the error message that I receive. I’ve current using another Box account with the same browser, so the browser is not the problem. Can you please take a look on the back end and see if something is not set correctly.  Thanks! 

Hi,I have created an application (2404923) to upload the files to box from a program. It is in status “Pending Authorization”. How long it takes to get approved? Or how to know who can help approve my application?Thanks a lot 

using the .Net Sdki am not seeing the update metdata for a file  those are the fileds         public const string FieldSequence = "sequence_id";        public const string FieldEtag = "etag";        public const string FieldName = "name";        public const string FieldCreatedAt = "created_at";        public const string FieldModifiedAt = "modified_at";        public const string FieldDescription = "description";        public const string FieldSize = "size";        public const string FieldPathCollection = "path_collection";        public const string FieldCreatedBy = "created_by";        public const string FieldModifiedBy = "modified_by";        public const string FieldOwnedBy = "owned_by";        public const string FieldSharedLink = "shared_link";        public const string FieldParent = "parent";        public const string FieldItemStatus = "item_status";        public co

I'm trying to generate a Public/Private keypair in the developer console for my application, but it continuous to fail. I already set the 2FA, but still can’t generate my keys. I need help!

I’m trying to set up a new Platform App using JWT, but when I attempt to generate a public/private key, or upload my self-generated public key, I get an error about needing 2-factor on. My 2-factor is on. It then sends me to a dead-end page in Box outside of the Developer page.

I have a Box app with a valid Client ID and Client secret. The app is set to App + Enterprise Access. I also have “Manage Enterprise Properties” checked. I can receive a Bearer Token using the Client ID and Client secret. However, when I try to retrieve events using curlcurl -i -X GET "https://api.box.com/2.0/events" \ -H "authorization: Bearer <ACCESS_TOKEN>"I get thisHTTP/2 200 date: Fri, 11 Jul 2025 06:38:55 GMTcontent-type: application/jsonx-envoy-upstream-service-time: 70strict-transport-security: max-age=31536000box-request-id: 0ad50df19baed02f845ec8d10931bcb48via: 1.1 googlealt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000{"entries":[],"next_stream_position":30401049700682011,"chunk_size":0}% Why is my entries empty?

Hi, I am facing the issue where I’m getting back the following error when trying to enable webhooks for a folder via the API using a valid OAuth token:error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."Example of a request:curl -X POST "https://api.box.com/2.0/webhooks" -H 'authorization: Bearer '$BOX_TOKEN'' -H "content-type: application/json" -d '{"target": {"id": "0", "type": "folder"}, "address": "xxx", "triggers": ["FILE.UPLOADED", "FILE.TRASHED", "FILE.RESTORED", "FILE.MOVED", "FILE.RENAMED"]}'I can confirm that Manage webhooks is enabled in the console. I have also followed steps to here to make sure the app is enabled the app in the admin console. Note that there’s no authorization option for OAuth apps under Platform

I submitted a ticket with Support about not being able to access or enable the GxP feature and shared back screenshots where they said I should see the option to enable the GxP Sandbox and nothing was available, and Support said to open an issue with my Account Rep which I don’t have. I tried to open a ticket with Accounts, and it was closed in favor of the ticket with Support and marked as a duplicate which I wasn’t able to re-open to refute. So far I’ve been very unimpressed with Box and Box Support and am considering asking for a refund. Has anyone else been able to get GxP functionality setup with Box and how did you do it? We have the Enterprise Plus license which indicates GxP as a feature.  

Hello,I am trying to automate some workflows for our NGO with the help of the APIs of box. Right now I am testing the endpoints in bruno. Many endpoints are working fine with the developer token. However I can’t get the Box sign APIs to work. "The request requires higher privileges than provided by the access token."We are on the “nonprofit Starter” box plan with 25k API calls per month.I have submitted and approved the app to our workspace. I have enabled all scopes within the app that I see (however I see none specific to box sign): Box sign is enabled for our organization and working fine manually: Are box sign APIs only available for higher tier subscr

In box developer I have setup a platform app to connect and sync some data from an Ubuntu server using rclone.I have done all steps correctly but upon connecting i get error 403 forbidden, though the access token is valid.Probably, while doing some tests for the script, seems like box banned the server ip.I tried reproducing from other machine using the same platform app, and everything works.How can box.com remove IP from blacklist?I am not using paid account yet, I am on the free tier, but I am not willing to proceed to premium if such block encounters.

Hi everyone!  I am using Box CLI through my command line. I managed to bulk-create 400+ folders and generate individual shared links. So far it was working great. Since I need the shared links to be open to the public, I used the shared-links:update command to open them up in bulk, but for each entry on the .csv it shows the following message: Unexpected API Response [404 Not Found | aei9xvi30io52itj.039fa4e7915631e5159561a174d9cf7f5] not_found - Not Found I know it’s not an authorization/access issue because if I do the command manually (i.e., not through bulk-file-path), it goes through for the individual folder. I can't do it manually for the 400+ folders, so I would appreciate any guidance on how to bypass this issue which is not very specific to troubleshoot. Thank you in advance!

Hi All. I am working on downloading some files and folders from box. I have two apps, one created back in 2022 and one created last week. The two apps have identical setup (apart from the old one having the “App Details” option set to “Select an option”),When attempting to download the files with the old one all is good and the files are downloaded. However when I use the new one I receive the following response for downloading the files: “access_denied_insufficient_permissions”.It is very odd as they use the same code to generate the auth token and url (files/{fileId}/content). As mentioned the permissions are the same:Authentication method: OAuth 2.0 with JSON Web Tokens(Server Authentication); App Access Level: App + Enterprise Access; Application scopes: All selected; Advanced features: All selected;Both apps are authorized.I even added a check with url: “/files/{field.id}?fields=permissions,c

Hi Box Support / Community,I’m working on a Box integration where I need to programmatically retrieve only all files and folders that were modified within a given date range — for example, from 2025-06-22 to 2025-06-28.What I’ve Tried: 1. Search API with updated_at_rangeI referred to the SDK documentation here:📖 Box Python SDK Search Query DocumentationExample:search_results = client.search().query( query='S',ancestor_folder_ids=[folder_id],updated_at_range=('2025-06-22T00:00:00Z', '2025-06-28T23:59:59Z'))Issue:This still returns records whose modif

Based on the following documentation, we have set setConnectTimeout and setReadTimeout to 300000 milliseconds, but even after 30 minutes have passed, no timeout error occurs and the application continues to wait for a response from Box.https://opensource.box.com/box-java-sdk/javadoc/com/box/sdk/BoxAPIConnection.html When we captured a thread dump while waiting for a response, we observed the following stack trace:at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:352)at com.box.sdk.BoxAPIRequest.trySend(BoxAPIRequest.java:720)at com.box.sdk.BoxAPIRequest.sendWithoutRetry(BoxAPIRequest.java:378)at com.box.sdk.BoxDeveloperEditionAPIConnection.authenticate(BoxDe

(en)Hi, I'm a Box user in Japan and I'm researching integrations with the Box AI API for Hubs.What kind of error response will be returned when the maximum number of calls per user account in the Box AI API is reached?--(ja)こんにちは、日本のBoxユーザです。Box AI API for Hubsとの統合機能の調査をしています。Box AI APIのユーザアカウント毎のコール数の上限に到達した場合、どのようなエラーレスポンスが返却されますか？ 

Hi community,I'm looking for the base URL to access the List user and enterprise events API endpoint specifically for FedRAMP(Gov cloud) supported environment.Could someone please provide:The correct base URL for making API calls to the FedRAMP cloud instance Confirmation that this specific API endpoint (List user and enterprise events) is supported in the Gov cloud offeringThank you for your assistance!