SDKs and Tools

We want to make you aware of a recent effort by certain third-party bad actors to leverage free Box developer accounts in a social engineering attack on certain Box free individual accounts. Upon discovery of this issue, Box decided to temporarily disable new sign-ups for free developer accounts while we work to implement additional technical controls to prevent similar efforts in the future. The security and integrity of our Service is of utmost priority to Box, and we must ensure that we are providing the most secure product experience to our customers. We understand that some Enterprise customers use these free developer accounts for their own business purposes, and that they may have questions about their inability to sign-up new free accounts. Please use the following talking points when addressing these Customers’ questions or concerns: Any free developer accounts that were in place before March 9, 2023 are unaffected by this action; Customers may

Hi, Last year we had to disable the creation of free developer accounts due to abuses from some bad actors. You can read about it here: Free developer accounts -Please READ I’m happy to inform that creation of free developer accounts is now back! To create a free developer account simple navigate to the developer signup. The main difference between the free developer account and a simple free account is that the developer version has access to the administrator console which will allow you to authorize JWT and CCG applications. Stuck with OAuth 2.0? Not anymore! Enjoy!

Hi folks, For those of you using the Box Postman advanced collection with JWT authentication, with a recently generated private key, you might be having error when the pre-request script tries to get a new access token. The error in question is a malformed PCKS. The reason behind this is that Box has updated the encryption method of the private key to something not supported by the JSRSASign v10.x. The good news is that the new version of JSRSASign (v11.x) does support it. While we fix the collection here is a quick fix: Download the JSRSASign from the CDN. Go to and select the Box Advanced collection

We have a number of users outside of our domain that were inappropriately added as managed users. I want to roll them off the enterprise and convert them to external users, but when using box-sdk-gen and emit a client.users.update_user_by_id(xxxx, enterprise=None) nothing happens. It seems to execute successfully, but fetching that user again shows that the enterprise information is still present. If I try to execute with enterprise={'id':None} or enterprise='null' I get a 403 insufficient permissions error. I noticed that the type on the enterprise field is str so that’s why I tried the latter. { 'code': 'access_denied_insufficient_permissions', 'help_url': 'http://developers.box.com/docs/#errors', 'message': 'Access denied - insufficient permission', 'request_id': 'xxxxx', 'status': 403, 'type': 'error'} Raw body: {"type":"error","

I’m trying to use the .NET SDK to create a signature request for a file. My code is: public async Task<BoxSignRequest> CreateSignatureRequest(BoxUser user, string signerEmail, string emailMessage, string subject, string sourceFileId, string destinationFolderId) { var userClient = GetUserClient(user); //this uses the Client Credentials Grant to get a token for the user that owns the file BoxSignRequestCreateRequest createRequest = new BoxSignRequestCreateRequest() { AreRemindersEnabled = true, AreTextSignaturesEnabled = false, DaysValid = 10, EmailMessage = emailMessage, EmailSubject = subject, ParentFolder = new BoxRequestEntity() { Id = destinationFolderId }, Signers = new List<BoxSignRequestSignerCreate>() { new BoxSignRequestSignerCreate() { Email = signerEmail, LoginRequired = true,

My request is VERY basic. Get a list of thee following: List all top level folders List the path of the folder List the owners and co-admins List the size of the folder including subfolders List the number of items in the folder and subfolders Using JWT for this and have enabled all scopes with apps + enterprise access The real issue is that I STILL have to add the service account as a co-admin to get this data. How can I ensure my enterprise token access allows me to read data enterprise-wide? It is ridiculous that this isn’t even a report in the console that I must build a custom solution.

I cannot upload to the Box by calling API in the Azure Data Factory. I can not use SDK and I got HTTP 400 error , “Malformed stream” following is the Body that I created in the Azure pipeline:( it should be in JSON format) @concat('--------------------------9fd09388d840fef1 content-disposition: form-data; name=“attributes” {“name”:“testdev.xlsx”, “parent”:{“id”:“0”}} --------------------------9fd09388d840fef1 content-disposition: form-data; name=“file”; filename=“testdev.xlsx” content-type: text/csv ‘, variables(‘varFileContents’),’ --------------------------9fd09388d840fef1– ')

I have a ui which I manage authorization via Okta. So for a user to access the box files it creates a temporary shared link that expires after an hour. This link is opened by the UI and this has worked great for past month and lets me manage more advance authorization and such on my end rather than adding people to our folders directly. However, out of no where my code stopped working and its drawing an error at the creating the shared link and the stack trace doesnt give much info. Here is my code: public async Task<string> GetSharedLink(string Id) { try { BoxClient adminClient = _session.AdminClient(await token.FetchTokenAsync()); var sharedLinkParams = new BoxSharedLinkRequest() { Access = BoxSharedLinkAccessType.company, Permissions = new BoxPermissionsRequest { Download

Hello, I would like to know if it is possible to prevent an employee from being able to sign a document or to request a signature. Eventually I would like some help with the java sdk. Sincerely

Is there any way to differentiate the two types of file locks, as explained below?? A user can manually lock a file. A user can click the custom application’s web-integration and it can lock the file using BOX-APIs. I have a custom application with OAuth2.0 and Web Integrations. OnClick of a web-integration, I use node-sdk (Initialised with user’s auth-code) to lock the file. Later, I used the search API to get all files in the folder., Is there any way to identify the files locked via my application, using NodeSDK? I want to unlock them only, if it is locked by the application itself. I couldn’t find anything to achieve this. Can you help me find a workaround for this?? Is there any fields in lock object, that i can re-purpose for this use-case? Thanks, Sarin

I have been struggling to get a thumbnail representation through the .net sdk. I am able to get the url for the download but everytime I try to download it through an httpclient request to return a stream, the stream results and memorystream converted to base64 are unusable. I am unsure if my approach is not correct or if there is an issue with the sdk. My code is as follows: public async Task<string> GetThumbnailImageById(string Id) { BoxClient adminClient = _session.AdminClient(await token.FetchTokenAsync()); var requestParams = new BoxRepresentationRequest() { FileId = Id, XRepHints = "[png?dimensions=1024x1024]" }; BoxRepresentationCollection<BoxRepresentation> representations = await adminClient.FilesManager .GetRepresentationsAsync(requestParams); var url = representations.Entries.F

I am using Box-Node-SDK to fetch details of a file in my drive. As you can see in the below screenshot, I created the file and modified it multiple times. We can clearly see that I am the owner of the file., in the file details.

Hi Team, I got stuck when I tried to run the script from the repository Mini Box MediaInfo Video Metadata Uploader on GitHub. I followed the README instructions step by step, and I also check the Video on YouTube. When I ran the following command: python3 src/main.py -c I got the following error: ImportError: cannot import name ‘appengine’ from ‘urllib3.contrib’ Can anyone help me understand why I got this? Thanks.

Hi, What is the use of using the SDK when we already have API. We can directly use those API. I am trying to do chunk file upload. For that it initially creates a session and then uploads parts of a file (https://upload.box.com/api/2.0/files/upload_sessions/:upload_session_id) this the API to upload parts of a file. I checked in SDK how they uploading the parts of a file, in that they have handled all the file splitting and every required. But when I tried the https://upload.box.com/api/2.0/files/upload_sessions/:upload_session_id API in postman, I am not able to upload file. My question if SDK are handling these splitting functionalities, Does API also handle all the scenarios? What is the benefit of using SDK if we already have A

If I have my own logger+handler and not using BasicConfig… so like this… chandler = logging.StreamHandler() chandler.setFormatter(logging.Formatter('[%(levelname)s] %(asctime)s %(message)s')) logger = logging.getLogger("my_custom_logs") logger.setLevel(logging.DEBUG) logger.addHandler(chandler) I’m getting weirdness with client.uploads.upload_file_version where it hangs for 10mins, then the created version is blank. It’s not throwing any Exceptions and nothing lands in my logger What’s the correct way to get debug logs from the BoxClient?

Hi ! I’m using java1.8 version and trying to get the Token using Java SDK , but we got the below exception. Exception in thread “main” com.box.sdk.BoxAPIException: Error parsing PKCS private key for Box Developer Edition. at com.box.sdk.BoxDeveloperEditionAPIConnection.decryptPrivateKey(BoxDeveloperEditionAPIConnection.java:568)* at com.box.sdk.BoxDeveloperEditionAPIConnection.constructJWTAssertion(BoxDeveloperEditionAPIConnection.java:503)* at com.box.sdk.BoxDeveloperEditionAPIConnection.authenticate(BoxDeveloperEditionAPIConnection.java:327)* at com.box.sdk.BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection(BoxDeveloperEditionAPIConnection.java:182)* at com.box.sdk.BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection(BoxDeveloperEditionAPIConnection.java:216)* at com.arondor.flower.tools.box.util.BoxAPI.setAPI(BoxAPI.java:54)* at com.arondor.flower.tools.box.util.BoxAPI.getAPI(Bo

Hi @rbarbosa, I am also trying to fetch files and folders in content explorer, using metadata query in node/react. I am facing 2 issues: getting back all files and folders for a sponsorCode metadata as a response. But only files are getting displayed in content explorer. Folders are not getting displayed. I have 3 folders with different values for sponsorCode metadata(Folder 1- TESTF metadata, Folder 2- TESTR metadata, Folder 3- TESTM metadata. I am only able to fetch files/folders for TESTR metadata. Other searches are resulting in no data in response. I have waited for more than 48 hours after applying metadata. Can you pls help solve this?

Hello! Just wondering if anyone else has been getting a lot of 104 Connection reset errors being sent from the Python BoxSDK client. We have an API set up to receive webhook events from Box but will receive 104 connection events randomly that seem to cause an error executing the webhook endpoint. Most of the time it executes fine but when there is an error I noticed the 104 connection reset state will persist for a bit blocking the endpoint from executing properly. Wondering if there is a way to limit the amount of resets the boxclient will do to prevent blocking from what Im assuming is the retry logic.

I have created a box custom-app, with web integration and configured it as per the documentation. I can see my integrations in the context menu of files/folders and it is working as expected. However, the integration is not visible to other users. attached are the screenshots of my custom application and web-integration configurations. I can see the application with status as enabled., in “My Apps” in developer console.

Hi I am trying to fetch files and folders in content explorer, using metadata query in node. I am facing below issues: Getting back all files and folders for a sponsorCode metadata as a response. But only files are getting displayed in content explorer. Folders are not getting displayed. Also the response is flattened and not structured as folder / subfolders /files. I have done implementation as below : Search for Folder using Metadata Query - Box Platform / API - Box Developer Community Can you pls help solve this?

We are migrating large data from One account to another account after impersonation. But we are getting below error: “PUT https://api.box.com/2.0/folders/168610592762” 503 191 {‘Date’: ‘Wed, 01 May 2024 07:27:04 GMT’, ‘Transfer-Encoding’: ‘chunked’, ‘strict-transport-security’: ‘max-age=31536000’, ‘box-request-id’: ‘0af1d3bebe91c1803d1d3929c585bd86c’, ‘x-envoy-upstream-service-time’: ‘600024’, ‘Via’: ‘1.1 google’, ‘Alt-Svc’: ‘h3=“:443”; ma=2592000,h3-29=“:443”; ma=2592000’} {‘code’: ‘—able’, ‘help_url’: ‘http://developers.box.com/docs/#errors’, ‘message’: ‘Service Unavailable’, ‘request_id’: ‘0af1d3bebe91c1803d1d3929c585bd86c’, ‘status’: 503, ‘type’: ‘error’} I am using below API for migration of folder: folder_to_move = source_client.folder(folder_id) destination_fold

We are building an Integration in the box cloud: 1. Application Type: Custom App 2. Authentication Type: OAuth 2.0 3. Context Menu items are added using “Web Integration” The Web Integration (Context Menu) Configuration is: Supports all file extensions Integration Type is “Files” We are using BOX-NODE-SDK, to get the file details from the received fileId. On click of the web-integration, we received the authCode and fileIdin the API., Using the AuthCode, we successfully fetched the AccessToken. const sdk = new BoxSDK({ clientID: BOX_INTEGRATION_CLIENT_ID, clientSecret: BOX_INTEGRATION_CLIENT_SECRET, }); sdk.getTokensAuthorizationCodeGrant(authCode, null, function (err, tokenInfo) { const boxClient = sdk.getPersistentClient(tokenInfo); boxClient.files.get(fileId).then((file: any) => {