Skip to main content
Question

How to use OAuth2 client_secret, client_id in API Upload File?

  • May 22, 2025
  • 5 replies
  • 51 views
C
Forum|alt.badge.img

Hello, i'm using the Box api for upload a file to my space, when i use the Developer Token i can success upload my file but when i use the token that i generate using the OAuth2 i get a parentId "not found" error, so, how is the correct way that i should use the OAuth2 token?

Note:

  • When i use my developer token i send the parent Id = 0, (root folder of Box space), works fine.
  • When i try to send the file using the OAuth2 token i already tryed it with parentId = 0 and also one of the Ids of my folders but i obtain the already explained error result
  • The way i´m requesting the OAuth2 token is with the clientId, clienteSecret and grant_type = client_credentials

    5 replies

    C
    Forum|alt.badge.img

    Hello, 

    If you're authenticating with the client credentials grant type the default token is going to be associated with the app's service account. Whereas a developer token is associated with the user who's logged into the developer console when the button is clicked. Therefore, you have a few options for how to solve this: 

    • Obtain a token for your user instead of the service account. This is done by: setting box_subject_type to user setting box_subject_id to your own user ID. 
    • Collaborate the service account user email address (AutomationUser_xxxx_xxxxx@boxdevedition.com) on the content it needs to be able to access. To get the email address of this user I would make a call to the get current user endpoint. 

    Best, 

    Kourtney 

    C
    Forum|alt.badge.img

    Hello @Kourtney i try to pass my: clientId + clientSecret + box_subject_type = user and box_subject_id = (my_box_developerConsole_client_id) but it did not works, the Box reponse was: 

    {
        "error": "unauthorized_client",
        "error_description": "The \"box_subject_type\" value is unauthorized for this client_id"
    }

    sorry but, what i'm doing wrong?

    C
    Forum|alt.badge.img

    I suspect you may not have selected the correct authentication type when the application was created in order to authenticate this way. Can you check that it says "OAuth2 with Client Credentials Grant (Server Authentication)" under the configuration tab?

    C
    Forum|alt.badge.img

    Hello Kourtney, and thanks for the support, i really need it, sorry i have not it  "OAuth2 with Client Credentials Grant (Server Authentication)" coz when i create the app i select "Custom App"

    BOX__yElXvekW8omP5fPdroR99Q.png

    i need to create a Limited App?

    again thanks for the Support 

    C
    Forum|alt.badge.img

    Hello and good morning, @Kourtney i will create other Custom App please help me to configure it from zero, i want to ble able to get a token to access box just using the clientID and the clientSecret, of course, if its is possible.

    I know that when i create a custom App, first, i need to pick the Auth method what i need to select? and whats next after this?

    Terms of ServiceAccessibility statement