Retrieve comments for a file owned by non active user

Question

I'm attempting to retrieve comments on a file via the api, but I am getting a 403. When I do a GET request here https://api.box.com/2.0/files//comments, with an As-User header, I receive this as a response.   {
    "type": "error",
    "status": 403,
    "code": "access_denied_insufficient_permissions",
    "help_url": "http://developers.box.com/docs/#errors" target="_blank">http://developers.box.com/docs/#errors>" target="_blank">http://developers.box.com/docs/#errors" target="_blank">http://developers.box.com/docs/#errors>>",
    "message": "Access denied - insufficient permission",
    "request_id": ""
}   I'm able to do this on the admin users files fine, and also able to access other endpoints such as collaborations/tasks/metadata with an As-User header.  One thing to note is the user is not active. They are set to "Cannot delete, edit & upload". If I set them to active, the request works. What I don't understand is why I can do the other endpoints while the user is in the "Cannot delete, edit & upload" state.  Is this expected?

community-manager · Answer

Hi,I ran a few app tests to verify, but this is due to scope requirements on the "Get comments" endpoints. Basically that endpoint is only made available with the read & write scope, but not with just read. Most likely this is due to some metadata on access being written to the file during the call.Why this is impacting you is because a non-active user is set to not be able to edit the content, so since write permissions are needed by that call (and not the other endpoints you mentioned) the call will fail.We're working on adding transparency to the docs to make it much easier to understand how scopes impact endpoints, but for the time being that's the main reason for the error that you're seeing.Hope that helps,Jon

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded