Error 404 sometime on a collaboration request for external user

Hi @katok ,

Sorry I edited your post, but I just updated the formatting to make it easier to read.

Without context, the error is telling you that folder 198762389512 was not found.

Assuming the folder in question does exist, then it means that the user associated with the access token does not have access to it.

This is something easy to test, using the same access token, check if you can get the information about the folder.

Something like this:

curl --location 'https://api.box.com/2.0/folders/198762389512?fields=id%2Ctype%2Cname' \

--header 'Authorization: Bearer 1!...7U.' \

If that also returns a 404 then the folder is not accessible by the user associated with the access token.

If that is the case, my next question is how do you obtain the access token and what type of authentication are you using.

For example CCG or JWT applications typically have their own service users, which could justify the discrepancy in the access. However both of them, depending on the configuration, can impersonate a user, which would in theory eliminate the problem.

On the other hand, OAuth applications are always associated with the user that authorized the application, and developer tokens are always associated to the user which created it.

Let us know.

Best regards

Hello,

very strange because I really got through sharing 2 folders with this method and for other folders, it doesn’t work. I use the Client Credentials Grant method to get my token and when I used this in mars (I come back these days to my development) it worked very well. Does the user that ask for the token has to be the main owner of the folder ?

Thanks for your help

Excuse me Rui,

I think I found the problem. Here is the solution in my screen copy. Those two folders are “connected” to my custom app so it’s normal that they have been set to the collaboration user.

Now, I can’t find out how to add some other folders to my App

maybe you can help.

Thanks in advance again.

Hello Rui, I found out, I juste had to find the email of my application and use it as an added user.

Thanks a lot.

Hi @katok

Assuming that the FileMaker is the service user associated to the app, and you want to collaborate a folder owned by some other user,.

For simplicity lets call the folder you want to share externally folder_to_share, the owner of this folder owner, and the service user FileMaker , you have 3 options:

• 
  

  In the folder_to_share add FileMaker as a collaborator - This seems to be the situation you have on your screenshot. Those blue folders seem to have been shared with the service user. From that point on the service client can access/see the folder_to_share. This manual sharing of folder might be harder to achieve.

  
  


• 
  

  Use the CCG to get a client (SDK) or login with the owner user - This depends on how your application is set up, but the CCG credentials can be used to impersonate any user.

  
  


• 
  

  Use the as-user header or get a as-user client (SDK) - This also depends on how your application is set up, but it will allow the service user to act on behalf of the owner user.

  
  

For the last 2 options to work your application must be set up with these options respectively:

If you choose the first option it might be challenging to find out which one is the service user, but you can make a call to the user.me end point to get the details.

For example using the API with an authenticated CCG service user:

curl --location 'https://api.box.com/2.0/users/me?fields=id%2Ctype%2Cname%2Clogin' \

--header 'Authorization: Bearer 7O...X5'

Results in:

{

    "type": "user",

    "id": "20706451735",

    "name": "CCG",

    "login": "AutomationUser_1803368_9rbDFPFJSf@boxdevedition.com"

}

You can use the login to create the collaboration from the owner side.

The other 2 options are a bit harder to demonstrate, so please bear with me.

I have a normal user logged in, obtained with the /users/me:

{

    "type": "user",

    "id": "18622116055",

    "name": "Rui Barbosa",

    "login": "barduinor@gmail.com"

}

And that user (Rui) owns this folder: 165803865043

curl --location 'https://api.box.com/2.0/folders/165803865043?fields=id%2Ctype%2Cname' \

--header 'Authorization: Bearer YN...z0' 

Result:

{

    "type": "folder",

    "id": "165803865043",

    "etag": "0",

    "name": "Preview Samples"

}

However if I switch back to my CCG user, the CCG user can’t:

curl --location 'https://api.box.com/2.0/folders/165803865043?fields=id%2Ctype%2Cname' \

--header 'Authorization: Bearer 7O...X5' 

Result:

{

    "type": "error",

    "status": 404,

    "code": "not_found",

    "context_info": {

        "errors": [

            {

                "reason": "invalid_parameter",

                "name": "item",

                "message": "Invalid value 'd_165803865043'. 'item' with value 'd_165803865043' not found"

            }

        ]

    },

    "help_url": "http://developers.box.com/docs/#errors",

    "message": "Not Found",

    "request_id": "wzr1cmhjykdlzvvk"

}

For Option 3, I pass the as-user header pointing to Rui user id:

curl --location 'https://api.box.com/2.0/folders/165803865043?fields=id%2Ctype%2Cname' \

--header 'as-user: 18622116055' \

--header 'Authorization: Bearer 7O..X5' 

Notice it is using the same access token, resulting in:

{

    "type": "folder",

    "id": "165803865043",

    "etag": "0",

    "name": "Preview Samples"

}

Option 2 means I get an access token using the CCG client_id and client_secret, user on the box_subject_type , and Rui user id in the box_subject_id

Now I’m effectively logged in as Rui but using the CCG credentials:

curl --location 'https://api.box.com/2.0/folders/165803865043?fields=id%2Ctype%2Cname' \

--header 'Authorization: Bearer iA...9R' 

Notice the different access token:

{

    "type": "folder",

    "id": "165803865043",

    "etag": "0",

    "name": "Preview Samples"

}

Let us know if this helps, and which of these options is adequate to your app.

Cheers

😃 I wasn’t fast enough.

Cheers