GET users endpoint returns 200 but the user list is empty

Question

[Using an Admin developer's account]
Getting the user list always returns 0 user entries.
I am using the OAUTH 2.0 Client Credentials Authentication Type.
I've managed to successfully request the access token, with the scope "manage_app_users", but upon GET request using the verified token, it returns a successful response without any user entry.
Using the "manage_managed_users" scope returns a bad request with desc "An unsupported scope was requested."
I've referred to the available scopes found here https://developer.box.com/guides/api-calls/permissions-and-errors/scopes/#manage-users
I have confirmed that I have two users. And I am also able to retrieve them using the developer's token generated from my app under Box's developers' console.
I have also confirmed my app's Application Scopes setup has the "Manage users" and "Manage groups" marked as checked. The app is also marked with "Authorization Status: Authorized" and "Enablement Status: Enabled"
I don't seem to have this problem when retrieving groups, using the scope "manage_groups". 
What is the issue here?

community-manager · Answer

Hi,Trying using the manage_managed users:curl --location 'https://api.box.com/oauth2/token' \--header 'Content-Type: application/x-www-form-urlencoded' \--data-urlencode 'grant_type=client_credentials' \--data-urlencode 'client_id=h...qi' \--data-urlencode 'client_secret=T...38' \--data-urlencode 'box_subject_type=enterprise' \--data-urlencode 'box_subject_id=877840855' \--data-urlencode 'scope=manage_managed_users'I get a token, not an error:{    "access_token": "W...j",    "expires_in": 4303,    "restricted_to": [],    "token_type": "bearer"}Was there any other detail on the "unsupported scope" error message. Could it be you are asking for multiple scope and some other is unsupported?For example:curl --location 'https://api.box.com/oauth2/token' \--header 'Content-Type: application/x-www-form-urlencoded' \--data-urlencode 'grant_type=client_credentials' \--data-urlencode 'client_id=h5z4c7jqyn95dh3n06tv92x3ceztj0qi' \--data-urlencode 'client_secret=TqbUwNZpmnINazieMaKAXRKR7wTZxA38' \--data-urlencode 'box_subject_type=enterprise' \--data-urlencode 'box_subject_id=877840855' \--data-urlencode 'scope=manage_managed_users admin_read_write'I get:{  "error": "invalid_scope",   "error_description": "Unsupported scope admin_read_write"}I can also confirm that the manage_managed_users scope does list all the users:{  "total_count": 7,  "entries": [    {      "type": "user",      "id": "18662105676",      "name": "Administrator"    },    {      "type": "user",      "id": "18662356345",      "name": "Administrator"    },    {      "type": "user",      "id": "18661971368",      "name": "Administrator"    },    {      "type": "user",      "id": "22240548078",      "name": "Investment User"    },    {      "type": "user",      "id": "22240405099",      "name": "Wealth User"    },    {      "type": "user",      "id": "22240545678",      "name": "Wholesale User"    },    {      "type": "user",      "id": "18622116055",      "name": "Rui Barbosa"    }  ],  "limit": 100,  "offset": 0}The most common issue here is when we change the application configurations, for example, the application scopes, and then forget to re-submit the app.Would you try to re-submit the app on the authorization tab, have your administrator approve it, and then try again.Let us know if this helps.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded