Question

Change user's login api returns 403

  • May 21, 2025
  • 7 replies
  • 45 views


Hello, 

I am trying to change a user's login email address. Sometimes this API works for me, sometimes it doesn't, and I am not sure why. I do not have access problems with the other APIs, only this one: https://docs.box.com/reference#changing-a-users-primary-login


GET https://api.box.com/2.0/users/removed for privacy/email_aliases

{
  "total_count": 1,
  "entries": [
    {
      "type": "email_alias",
      "id": "5203057",
      "is_confirmed": true,
      "email": "***@example.com"
    }
  ]
}

PUT https://api.box.com/2.0/users/removed for privacy

{"login": "***@example.com"}

response:

{
  "type": "error",
  "status": 403,
  "code": "access_denied_insufficient_permissions",
  "help_url": "http://developers.box.com/docs/#errors",
  "message": "Access denied - insufficient permission",
  "request_id": "removed for privacy5797dec1d1eb3"
}

7 replies


ping. please help



ping again.



It doesn't help that the "help_url" that's returned isn't even valid as there is no anchor called "errors" on that page.

 

Did you open a support ticket?  I find the forums to be pretty hit or miss on getting helpful responses.



Thanks, I have submitted a ticket.



Did you get a solution for this? I am seeing the same issue. One account I can change the login no problem, the next I get 403 access denied. Neither account is an Admin or Co-Admin account, just regular user accounts.



A possibility is that the access token was generated by a co-admin who does not have enough permission to change a user's properties. Basically, the API executor should be an admin or co-admin, but if the co-admin doesn't have permissions like "manage users" or "edit settings for your company", etc., it should return a 403 Forbidden error. To clarify the cause, try to run the same API with an access token generated by a real admin user.



Also, be sure that the target primary login address is a confirmed account. If not, which means that the account has never been used, then the API call for the primary login change will return a 403 error.
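
Added example, not part of any post in this thread and not Box's own code: an offline triage that applies the two causes suggested in the replies (the token owner's permissions, an unconfirmed address) to a 403 from the login-change call. The sample JSON is constructed in the shape of the responses quoted in the question, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like the email_aliases response quoted in the question.
ALIASES_JSON = """
{"total_count": 2, "entries": [
  {"type": "email_alias", "id": "1", "is_confirmed": true,  "email": "new.login@example.com"},
  {"type": "email_alias", "id": "2", "is_confirmed": false, "email": "pending@example.com"}
]}
"""

# Constructed 403 body with the same fields as the error in the question.
ERROR_JSON = """
{"type": "error", "status": 403, "code": "access_denied_insufficient_permissions",
 "message": "Access denied - insufficient permission", "request_id": "placeholder"}
"""


def alias_state(aliases: dict, new_login: str) -> str:
    """Return 'confirmed', 'unconfirmed' or 'missing' for new_login (hypothetical helper)."""
    wanted = new_login.strip().lower()
    for entry in aliases.get("entries", []):
        if entry.get("type") == "email_alias" and entry.get("email", "").lower() == wanted:
            return "confirmed" if entry.get("is_confirmed") is True else "unconfirmed"
    return "missing"


def triage_403(error: dict, aliases: dict, new_login: str) -> list[str]:
    """List the causes raised in this thread that remain possible for a failed login change."""
    if error.get("status") != 403 or error.get("code") != "access_denied_insufficient_permissions":
        return ["not the 403 discussed here: " + str(error.get("code"))]
    causes = []
    state = alias_state(aliases, new_login)
    if state != "confirmed":
        causes.append(f"alias is {state}: confirm the address before retrying")
    # The error body does not say who generated the token, so this check always stays open.
    causes.append("check token owner: admin, or co-admin with user-management permission")
    causes.append(f"escalate to support with request_id={error.get('request_id')}")
    return causes


if __name__ == "__main__":
    aliases, error = json.loads(ALIASES_JSON), json.loads(ERROR_JSON)
    for login in ("new.login@example.com", "pending@example.com", "other@example.com"):
        print(login, "->", triage_403(error, aliases, login))
```

When the alias is already confirmed, as in the question, the remaining items point at the token rather than the target account.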