ReadOnly Downloads

SOLVED
Go to solution
Highlighted
New Contributor

ReadOnly Downloads

Read all of this before Commenting.  

 

At this time our project needs  to have read only access to a user's data through the API, and we would prefer that when we ask users to grant us permission to access their data in Box via OAuth2, that they are only giving us read permission, to have one less source of liability.

 

So at the moment, I'm still testing our project on my own Box account.  When I authorized our app with only 

Read all files and folders stored in Box 

checked, I was able to view the list of files and folders in my Box, but unable to download files.

 

Thank you for any help you can provide.

 

After doing a few searches, I found this thread, where another developer had the same problem, and a Box employee explained that downloading a file updated certain file stats, so write permission was required.

After checking:

Read and write all files and folders stored in Box

and reauthorizing the app, I was able to download the file.  

 

That's nice and all, but again, I would really rather not have write permission unless I need it.

 

Now in that same thread, the Box employee also discussed using downscope to limit permissions.

This part in particular caught my eye

I was working on a sample recently for this same issue and wanted to provide some more context. 
It appears that if you set the token downscope scopes to only 'item_read'
it'll allow the download. Here's a sample in Node that shows you that process:

I was able to get the downscope token working with read/write permissions, but not with read-only.

 

It was afterwards that I noticed that in the list of available scopes, it says that the Parent scope.must be root_readwrite.

 

So, in case the question wasn't obvious enough from the rest of this post:

Is there a way to download a file from a user's account without having write permission?

 

I'm having a difficult time believing Box would not have a way to do this.  It would be a really, really stupid and unnecessary source of liability if that were the case.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

3 REPLIES 3
Box Employee

Re: ReadOnly Downloads

Hello, 

 

@JacobFWells  Unfortunately it is not possible to download files without using the read/write scope. 

 

Best, 

Kourtney 

New Contributor

Re: ReadOnly Downloads

Thank you.  That's really disappointing to hear though.

First-time Contributor

Re: ReadOnly Downloads

Does this mean the PDF's MUST be uploaded with this feature selected?  I unable to saveas or download so then I can make comments using Bluebeam s/w.