Box Platform

Hi everyone,I’ve been testing the Content Sidebar UI Element via the CDN and noticed that the “Open With” option isn’t showing up. After digging into the docs and doing some trial and error, I wanted to confirm what I found in case others hit the same thing: The hasOpenWith parameter used to be part of Sidebar, but it only works for Enterprise accounts where App Integrations (Google Docs, Adobe, Box Edit, etc.) are enabled by an admin. On Free/Personal plans, those integrations aren’t available, so the Open With option won’t appear in the Sidebar at all, even if you set the flag in code. The current Sidebar options you can use on Free plans are: hasActivityFeed, hasMetadata, hasSkills, and detailsSidebarProps. So if you’re on a free plan and wondering why you don’t see “Open Wit

My BOX and Salesforce connection was working fine, and the connection was established between the BOX and Salesforce until last week. Starting this week, I am getting “Invalid Crypto Error” while Salesforce and BOX tries to connect.No, update is being made on the Private Key, and the Private Key is not expired as well, and no updates are being made on the BOX as well. All of sudden, the connection between BOX and Salesforce died on me. I tried to look for this issue in BOX and found this article which is not so helpful. My Private key is not encrypted to follow the encryption. I am using PKCS#8 PEM Format Private Key to connect it to BOX. Any suggestion or help on this issue will be really appreciated.Thank you!

I’m using the following snippet, I don’t receive any event in uploaderClose method. var configData = { ACCESS_TOKEN: "XXXXXXXX", FOLDER_ID: "XXXXXX" }; function uploaderClose(e) { console.log('close:', e); } var optionsUploader = { 'onClose' : uploaderClose } var options = { 'container': '.explorer', 'contentUploaderProps': optionsUploader } var contentExplorer = new Box.ContentExplorer(); contentExplorer.show(configData.FOLDER_ID, configData.ACCESS_TOKEN, options);

During call to query folder by metadata I'm getting HTTP 400 - too_many_instances, this is happening just with one box subscription, it's working for the other oneRequest:curl --location 'https://api.box.com/2.0/metadata_queries/execute_read' \--header 'box-version: 2024.0' \--header 'Content-Type: application/json' \--header 'Authorization: Bearer ****' \--data '{ "from": "enterprise_1234.metadata", "query": "entityId = :entityId and entityType = :entityType", "query_params": { "entityId": 1, "entityType": "TEST_FOLDER" }, "fields": [ "id" ], "ancestor_folder_id": "0"}'Response:{ "type": "error", "status": 400, "code": "too_many_instances", "help_url": "https://developer.box.com/reference/post-metadata-queries-execut

issue 1: Were I have a box account as a admin and have the access to the whole box and things in there i am a partner on a box app in the developer console which i can’t able to access to the webhook v2 (with the signature and security) there i have enabled the manage webhook there but i can’t be able to use the webhook tab in there and use them there…issue 2: were there is no option for creating the access token (the permanent developer token) for my application there i need the specific steps to do it and enable them as well.. I need the proper steps to mitigate these issues and solve it the docs of the box are not suffice in some aspects in there which misses out the the primary and complete steps in there can you guide me through the steps to solve these things in there. 

In today’s digital world, education has expanded beyond classrooms. Many parents now prefer online platforms for teaching their children important subjects, including religious education. One of the most effective ways technology is being used is through online Quran learning platforms.These platforms offer: Interactive classes with qualified teachers. Flexible schedules that suit children across different time zones. Digital resources like Noorani Qaida, Tajweed rules, and translation guides. Safe learning environments with parental supervision options. At Quran Kids Online, we provide kids with structured online Quran classes that include Tajweed, memorization, and translation. Our mission is

 OverviewWhen executing the following API, only certain accounts are unable to retrieve the file list, which prevents the process from proceeding.If you have any insights on possible causes or solutions, I would greatly appreciate your guidance. Target APIhttps://api.box.com/2.0/folders/${folderId}/items?fields=id%2Cname%2Ctype%2Cmodified_at%2Cextension%2Cshared_link%2Cexpiring_embed_link&limit=100&offset=0 OAuth Endpoint Authorization: https://account.box.com/api/oauth2/authorize Revoke: https://api.box.com/oauth2/revoke Scope

Hey allI’m trying to use the Box Typescript SDK’s `client.search.searchForContent()` method to query for Folders using `tags`. There are two routes that I tried, both did not result in success, so was hoping someone knows what’s going on. The two routes were:Update Folder `tags` property:on Folder Create, add step which calls PATCH Folder (`client.folders.updateFolderById`) and update `tags` property const folder = await this.scopedClient.folders.updateFolderById( folderId, { requestBody: { tags: tags }, } ); oddly, when I GET Folder after this PATCH, I don’t see the “tags” attribute defined (ie: `tags: undefined`). I tried the same call, with both `name` and `tags`, and still, `tags` was not updated, however `name` was updated and changed

Hi, I couldn’t find any information on whether I can create custom apps on Business and Business Plus plans. And if we can, can we enable the “App + Enterprise Access” scope for the custom app? Thanks!

Hi, im using n8n box create folder node, sometimes i get this error, seems like box api issues?{  "errorMessage": "The DNS server returned an error, perhaps the server is offline",  "errorDetails": {    "rawErrorMessage": [      "getaddrinfo EAI_AGAIN api.box.com",      "getaddrinfo EAI_AGAIN api.box.com"    ],    "httpCode": "EAI_AGAIN"  },  "n8nDetails": {    "nodeName": "Create a folder",    "nodeType": "n8n-nodes-base.box",    "nodeVersion": 1,    "resource": "folder",    "operation": "create",    "time": "8/11/2025, 5:29:04 PM",    "n8nVersion": "1.102.3 (Self Hosted)",    "binaryDataMode": "default",    "stackTrace": [      "NodeApiError: The DNS server returned an error, perhaps the server is offline",      "    at ExecuteContext.boxApiRequest (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/n8n-nodes-base@file+packages+nodes-base_@aws-sdk+credentia

Hello Box Community,I’m working on integrating Box with my application and want to establish a security policy federation. Specifically, I want to map user permissions from Box to my application’s permission model, ensuring consistent access control across both platforms.So far, I have explored the following: The Get File API to retrieve permissions, but it only returns permissions for the current user. This means I would need to get all enterprise users and execute the Get File API for each user individually to gather permissions for all users, which seems inefficient. The Collaborations API to retrieve collaborators on files and folders. Is there any existing solution, best practice, or recommended approach for: Federating security policies between Box and an external application? Efficiently mapping Box user permissions or roles to custom permissions

I’m an admin in our Box Business (not plus) account and have already enabled all the required permissions as outlined in the Box documentation.I’m trying to impersonate a user using the As-User header, but when I use an OAuth 2.0 access token obtained via the refresh token flow, I consistently receive a 403 Forbidden error.However, when I use a Developer Token generated directly from the Box Developer Console (UI), the same API call works without issues. What could I be missing here?Does the Developer Token grant broader permissions compared to tokens obtained via the OAuth 2.0 refresh token flow?Is there something I need to configure differently during authentication to ensure the correct permissions or context are applied?  

Thought I read somewhere that free accounts can’t upload files using the Python API, but I couldn’t find anything about it in the docs.Anyone know if that’s still true?

I’m building a web application (React + Node.js) that integrates Box for document storage and collaboration using the Office Online editing feature. Here's a summary of our use case:✅ Use Case Overview: Users in our app upload various documents (e.g. .docx) for collaboration purposes When a document is uploaded: It is saved to Box via the API We store the file_id and metadata in our own database The user interface (our app) allows users to: Preview documents (via embedded Box preview) Edit documents (in Word Online) 🔐 Access Design: All Box operations are handled by a single Box service account End users do not have Box accounts Wh

In my iOS app, I am using UIDocumentPickerViewController to pick a file from a Box Drive file provider. I am using startAccessingSecurityScopedResource on the url I receive and register an NSFilePresenter for this url to get change notifications. When I read the contents of the file, I am using file coordination.  Reading the initial content is working fine. When now however the file is changed on some other machine, I expect a change notification from the file presenter and I should be able to read the fresh data from the updated file. This is however not working. I am only getting fresh data, when I terminate my app and re-pick the file with the UIDocumentPickerViewController.Is this a fundamental limitation of the Box Drive file provider under iOS or is there some secret on how to get fresh data while the app is running?

I'm trying to generate a client secret on my developer account. I have fully set up MFA (see screenshot below). Whenever I try to click "Fetch Client Secret", it redirects me to "https://app.box.com/login/mfa?redirectUrl=/developers/console/app/2363167/configuration&from=dev_console" and I then get the below screenshot. This is a bug, can somebody please help me?

I noticed that there is a change on Jun 24th, 2025 about Enhanced extract agent.Could you please tell me when I can use extract agent successfully in my code？(now when I post request to https://api.box.com/2.0/ai/extract I will get response with 400 bad request)Thank you for your support.

I’m trying to clarify MCP billing.1. Remote Box MCP Server  2. Self‑Hosted Box MCP Server  The Self‑Hosted Box MCP Server uses the Box SDK internally, which makes the underlying API calls. I think this is chargeable.Docs say:• Partner Integration is non-chargeable.  • Custom App is chargeable.For case of remote box mcp server, will the API calls be marked as chargeable or not?

https://api.box.com/2.0/users call fails eventhough right permission set thru developer portal

We have many different organizations using our integration with Box.  All of them except for one obtains and uses OAuth refresh tokens, all day, every day.One organization in particular is complaining about "losing their connection" with Box.  The scenario is that the user has not used their OAuth connection in over an hour, so the OAuth token is expired;  we use the refresh token to obtain a new OAuth token (and new refresh token), but the request fails with the error; "invalid grant"  "Invalid refresh token" It hasn't been 60 days, so that's not the error (that error reports "timeout" which is not what we're seeing.    It's not an attempt to use the same refresh token more than once (we've eliminated that possibility).In other OAuth systems, I know that if the user changes his password that it will invalidate any outstanding OAuth refresh tokens.  Could this be the case here?   Are there any other cases in which would cause an OAuth refresh token to become inv

I'm currently using a Box Individual Plan and I'm developing an integration with ServiceNow using the Box Developer Platform.However, with my current plan, I’m unable to generate the Primary Key and Secondary Key, and I also do not see the Webhooks section available in the admin console or developer settings.https://www.servicenow.com/docs/bundle/yokohama-integrate-applications/page/administer/integrationhub-store-spokes/task/setup-webhook-box-spoke.htmlCould you please confirm:  Does the Box Individual Plan support the use of Webhooks v2 via the API? If not, which minimum Box plan i

While i was working on Box Preservations Im stucked while assigning the Hold policy to user / folder with the following endpoint.https://{{api.box.com}}/2.0/legal_hold_policy_assignmentsPayload: {  "policy_id": "3710887",  "assign_to": {    "type": "user",    "id": "2262844940"  }}The access token was generated with all the scopes mentioned as belowroot_readwrite manage_app_users manage_groups enterprise_content manage_legal_holds manage_legal_hold_policies manage_legal_hold_policy_assignmentspolicy creation is working fine with the app Onna Enterprise [Stage]. But this is failing with error {    "type": "error",    "status": 403,    "code": "access_denied_insufficient_permissions",    "help_url": "

I have recently set up a free Box account. I’m having issue with Requesting a Signature. The request signature box is grayed out. Why? Based on the data for the free account, I should have the ability to send 5 documents for signature per month. I have not routed any documents for signatures in July. Please advise. Upon logging in with my EDGE Browser, this is the error message that I receive. I’ve current using another Box account with the same browser, so the browser is not the problem. Can you please take a look on the back end and see if something is not set correctly.  Thanks! 

Hi,I have created an application (2404923) to upload the files to box from a program. It is in status “Pending Authorization”. How long it takes to get approved? Or how to know who can help approve my application?Thanks a lot 

using the .Net Sdki am not seeing the update metdata for a file  those are the fileds         public const string FieldSequence = "sequence_id";        public const string FieldEtag = "etag";        public const string FieldName = "name";        public const string FieldCreatedAt = "created_at";        public const string FieldModifiedAt = "modified_at";        public const string FieldDescription = "description";        public const string FieldSize = "size";        public const string FieldPathCollection = "path_collection";        public const string FieldCreatedBy = "created_by";        public const string FieldModifiedBy = "modified_by";        public const string FieldOwnedBy = "owned_by";        public const string FieldSharedLink = "shared_link";        public const string FieldParent = "parent";        public const string FieldItemStatus = "item_status";        public co