From a user (or access token of a user) who currently has access to the desired item, add the user as a collaborator on the file, the parent folder, or a another folder higher in the containing folder structure.
Root Cause
Box has a content access permissions model based on Collaborations which follows a waterfall design. Users only have access to the folder they are invited into and any subfolders beneath it. In general, it is best to provide the user with collaboration permissions to the desired item (via a file or folder collaboration) before attempting to make API calls to the item. The most scalable way to manage user collaborations in bulk is with Groups.
Common scenarios to check for:
Admin attempting to access content of a managed user, but without collaboration permissions to said content.
Service Account for a Server Auth, application access app attempting to access content of a managed user. Since the managed user is not an app user under the application, the call will return a 404. To make calls outside to content owned outside of the application's Service Account or App Users, enterprise access is required.
Service Account for a Server Auth app attempting to access content of a managed/app user, but without collaboration permissions to said content.
App or Managed users attempting to access content owned by another user, but without collaboration permissions to said content.
An application with the Global Content Manager scope making calls to items owned by an external user - the GCM scope disallows this.