Skip to main content
Question

Transfering content from App Users to Service Account

  • May 22, 2025
  • 3 replies
  • 40 views
C
Forum|alt.badge.img

I am looking to update an integration with Box to switch file ownership from App Users to the Service Account.

 

Though I'm working through the Python SDK, I followed the example in the documentation for this scenario: https://developer.box.com/docs/deprovision-user-accounts

 

 

from boxsdk import Client, JWTAuth
auth = JWTAuth(
    client_id='our_client_id',
    client_secret='our_app_secret',
    enterprise_id='our_enterprise_id'
    jwt_key_id='our_public_key_id',
    rsa_private_key_file_sys_path='path_to_private_key',
    rsa_private_key_passphrase='our_passphrase',
)
access_token = auth.authenticate_instance()
client = Client(auth)
service_account_user = client.user().get()
app_user = client.user('app_user_id_to_transfer_from').get()
app_user.transfer_content(service_account_user)

 

 

The Box API response at the end is a 403 with the header fields error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token." 

 

Any insight into why the API isn't allowing me to complete this operation?

 

Thanks!

    3 replies

    C
    Forum|alt.badge.img

     

    Would you be able to provide the full body response of the error message, a date/time/timezone you received the error, and your client ID? I can a closer look at this from the backend. 

     

    If you aren't comfortable sharing that information here, please open a ticket with our Product Support team at support.box.com and include the info above. 

     

    Best, 

    Kourtney

    Box Technical Support Engineer

    C
    Forum|alt.badge.img

    Thanks for the quick response .

     

    Here are the response fields captured in the exception returned by the SDK:

     

    Message: None
    Status: 403
    Code: None
    Request ID: None
    Headers: {'Transfer-Encoding': 'chunked', 'BOX-REQUEST-ID': '0or29aumrfivnqrh64jej5bdukp', 'Strict-Transport-Security': 'max-age=31536000', 'Connection': 'keep-alive', 'Date': 'Tue, 02 Jul 2019 19:15:58 GMT', 'WWW-Authenticate': 'Bearer realm="Service", error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."'}
    URL: https://api.box.com/2.0/users***phone number removed for privacy***/folders/0
    Method: PUT
    Context Info: None

     

    This corresponds to a request sent today, July 2, at 3:15pm EST. The client ID is o7or2lm976x0s5adtou5z8tuxf777c7f.

    C
    Forum|alt.badge.img

      Thanks so much for the info! In order for this call to be successful you will need to change the application scope to "enterprise" and ensure the "manage users" scope is enabled. After making these changes, ensure you re-authorize the application in the admin console and obtain a new token. 

    Terms of ServiceAccessibility statement