When making API calls to files and folders ("Items"), a 404 not found error is returned.
Environment
Box Platform - API Calls to Box via a custom application
Root Cause
Box has a content access permissions model based on Collaborations which follows a waterfall design. Users only have access to the folder they are invited into and any subfolders beneath it. In general, it is best to provide the user with collaboration permissions to the desired item (via a file or folder collaboration) before attempting to make API calls to the item. The most scalable way to manage user collaborations in bulk is with Groups.
Common scenarios to check for:
- Admin attempting to access content of a managed user, but without collaboration permissions to said content.
- Service Account for a Server Auth app with application access attempting to access content of a managed user. Since the managed user is not an app user under the application, the call will return a 404. To make calls to content owned outside of the application's Service Account or App Users, enterprise access is required.
- Service Account for a Server Auth app attempting to access content of a managed/app user, but without collaboration permissions to said content.
- App or Managed users attempting to access content owned by another user, but without collaboration permissions to said content.
- An application with the Global Content Manager scope making calls to items owned by an external user - the GCM scope disallows this.
- An application attempting to access an externally owned folder by using the `as-user` header.
Steps To Resolve
- Confirm which user ID is associated with the access token by Getting the Current User's Information.
- From a user (or access token of a user) who currently has access to the desired item, add the user as a collaborator on the file, the parent folder, or another folder higher in the containing folder structure.
- If the item is in an externally owned folder, use a user access token for a user who is already collaborated into that folder. This allows the API call to be made in the context of a user who has direct access to the external content.
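The resolution steps above, as an added Python sketch (not Box's own code): it identifies the user behind a token via `GET /users/me`, probes the item, and on a 404 builds the `POST /collaborations` body that a user who already has access would send. The function names are hypothetical, the `viewer` default role is an assumption chosen for least privilege, and `fake_get` is a constructed stand-in for the API so the example runs offline.

```python
import json
import urllib.error
import urllib.request

API = "https://api.box.com/2.0"

def box_get(path, token, as_user=None):
    """Default transport: GET against the Box API, returns (status, parsed JSON)."""
    headers = {"Authorization": f"Bearer {token}"}
    if as_user:
        headers["As-User"] = as_user  # impersonation header mentioned in the scenarios
    req = urllib.request.Request(API + path, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}

def diagnose(token, item_type, item_id, as_user=None, get=box_get):
    """Step 1: identify the user behind the token, then probe the item as that user."""
    status, me = get("/users/me", token, as_user)
    if status != 200:
        return {"status": status, "finding": "token or As-User rejected before the item check"}
    status, _ = get(f"/{item_type}s/{item_id}", token, as_user)
    if status == 200:
        finding = "accessible"
    elif status == 404:
        finding = f"user {me['id']} cannot see {item_type} {item_id}: check collaborations on it and its parent folders"
    else:
        finding = f"unexpected status {status}"
    return {"user_id": me["id"], "status": status, "finding": finding}

def collaboration_body(item_type, item_id, user_id, role="viewer"):
    """Step 2: body for POST /collaborations, sent with a token that already has access."""
    return {"item": {"type": item_type, "id": item_id},
            "accessible_by": {"type": "user", "id": user_id},
            "role": role}

# Constructed sample: a fake transport standing in for Box so this runs offline.
def fake_get(path, token, as_user=None):
    if path == "/users/me":
        return 200, {"type": "user", "id": "111", "login": "svc@example.com"}
    return (200, {"id": "42"}) if token == "owner-token" else (404, {})

if __name__ == "__main__":
    result = diagnose("service-token", "folder", "42", get=fake_get)
    print(result["finding"])
    if result["status"] == 404:
        print(json.dumps(collaboration_body("folder", "42", result["user_id"])))
```

Drop the `get=fake_get` argument to run `diagnose` against the live API with a real token.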