Skip to main content

I have created a webhook as part of an application in Box. The application has a service account. The service account has all scopes possible (just make sure I didn’t miss anything). The service account is a co-owner of the folder that the webhook monitors.



However,



when I use the code examples from here and here I am unable to see the webhook (I receive a 404).



Is this a permissions issue or am I doing something wrong?



I have tried impersonating as the owner of the folder but I get a 403 response.



import boxsdk

import json

from boxsdk import JWTAuth

from boxsdk import Client





def build_client():

auth = JWTAuth.from_settings_file('box_settings.json')

client = Client(auth)

return client



client = build_client()

webhooks = client.get_webhooks()

Hi @alex.ba , welcome to the forum!



As I was going through the messages, I found your comment on an old topic, created a new one, and now saw this one. So, I’ll remove those.



So yes, this is a issue. The webhooks can be listed using the API/SDK by the user who created them.



For example this JWT application has a webhook created by myself. The service account user can not retrieve it, but the user can.





The best approach here is to create the webhook using the API so it is associated with the service account as a system configuration/initialization.



Note that the webhook will work, independently of who created it, and your application can still validate the key to see if it is a legitimate request.



Let us know if this helps.



Best regards



Rui


that did it, thank you!


Reply