Skip to main content
Question

How to manually connect to user endpoint in .NET?

  • May 22, 2025
  • 3 replies
  • 30 views
C
Forum|alt.badge.img

I'm doing the following with no success:

 

using (HttpClient client = new HttpClient())
{
    string checkIfAccessTokenIsValidUri = "https://api.box.com/2.0/users/";

    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", boxAuth.AccessToken);

    var request = await client.PostAsync(checkIfAccessTokenIsValidUri, null);

}

 

I tried to also add the client_id and client_secret to the headers, but it did not work - response.StatusCode is always Forbidden.

Any help would be appreciated.

    3 replies

    C
    Forum|alt.badge.img

    Hi ,

     

    That error will generally mean that your access token that you are sending to Box is invalid. This might mean that you're not sending along the proper credentials, the scopes / settings in your app do not allow you to access the endpoints you are trying to access (e.g. users), or that the token has expired.

     

    Here's some info that should help guide you:

    1. This guide shows you how to go through the auth process with Box manually. This section of the guide will show you how to make a manual request to one of the endpoints, which you can mirror for the user request if you'd prefer not to use the .Net SDK.
    2. If you need guidance on setting up your app, this guide will help.
    3. If you need guidance on which scopes are needed, this section will help.

    Thanks,

    Jon

    C
    Forum|alt.badge.img

    The code I have written works for the provided example in the docs (the folders endpoint - https://api.box.com/2.0/folders/0 ), but for some reason when accessing "https://api.box.com/2.0/users" I get forbidden response, even though I know the access token is valid.

     

    Am I missing something? Is the endpoint correctly written? Thanks.

    C
    Forum|alt.badge.img

     This may be because the GET https://api.box.com/2.0/users endpoint is only accessible by enterprise administrator accounts; that endpoint lists all the users in a given enterprise.  A better choice of endpoint for just checking if a token is valid would be GET https://api.box.com/2.0/users/me, which returns the user for whom the request is authenticated.

    Terms of ServiceAccessibility statement