403 Status on Event API as Admin
Hello,
I have an app created under an admin account with the "Manage Enterprise Properties" scope checked. I attempted to grab the event logs via an OAuth API call after I made the scope configuration, and I get the response "Access Denied Insufficient Permissions." As far as I understand, adding the scope "Manage Enterprise Properties" is all that needs to be done to grab event logs. Is there a step I missed?
-
Official comment
Hello Tyler,
Are you the primary Admin of the Box enterprise? If not, you may not have the proper co-admin permissions to be able to use this endpoint.
Best,
Kourtney, Box Developer Advocate
-
Hello, I have the same problem.
In my case, I am also the ADMIN of the Box enterprise.
So I created an app with Authentication Method [OAuth 2.0 (User or Client Authentication)].
Application Scopes:
- Read all files and folders
- Manage Users
- Manage Enterprise Properties
- Manage Webhooks
- Enable Integrations
- Make API calls using the as-user Header
So when I try to make an API request to fetch user's events, I am getting
Code: access_denied_insufficient_permissions
Status: 403
I believe I have the required scopes checked, but why am I getting the issue again?
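Here is my code:

```python
from boxsdk import Client, OAuth2

# CLIENT_ID, CLIENT_SECRET, the tokens and yaml_updater come from the
# poster's own setup and are not shown in the post.
client = Client(OAuth2(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET,
    access_token=access_token,
    refresh_token=refresh_token,
    store_tokens=yaml_updater
))

users_ids = [user.id for user in client.users()]
for user_id in users_ids:
    # Impersonate each user via the As-User header and fetch their events
    user_client = client.as_user(client.user(user_id=user_id))
    events = user_client.events().get_events()
    # get_events() returns a dict; the event objects are under 'entries'
    for event in events['entries']:
        print(event)
```

Not sure where I went wrong!!! Thanks in advance.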
-
Hello Peleg,
Can you please try reauthorizing the app in the Admin console and when you do so, ensure that the scopes listed are what you think they are (as listed above)?
I just found a bug on the configuration page with saving settings that I'm thinking may be causing the issue here. I've reported it to our engineering team.
If reauthorizing and checking the scopes doesn't help, are you able to provide me with the following so I can take a look at our backend logs for more info?
- client ID of your application
- example date/time/timezone of the error
Best,
Kourtney, Box Developer Advocate
-
Thank you,
I tried reauthorizing the app, but could not see it in the Admin console (probably because this is the OAuth 2.0 authentication process, but my other JWT-authenticated app shows up in the App console).
Anyway, I tried to get the access token again using the Authorize URL for MY APP.
I have rechecked my app scopes as well.
This is the response I am getting. Hope this helps.

```
"GET https://api.box.com/2.0/events?limit=100&stream_position=0&stream_type=all" 403 217
{'Date': 'Tue, 13 Apr 2021 09:33:30 GMT', 'Content-Type': 'application/json', 'Transfer-Encoding': 'chunked', 'Connection': 'keep-alive', 'Strict-Transport-Security': 'max-age=31536000', 'Cache-Control': 'no-cache, no-store', 'Content-Encoding': 'gzip', 'BOX-REQUEST-ID': '18188dd3a69de74c83a3fb9ad860047d5'}
{'code': '---ions',
 'help_url': 'http://developers.box.com/docs/#errors',
 'message': 'Access denied - insufficient permission',
 'request_id': '3gs9cxgpi910z1jg',
 'status': 403,
 'type': 'error'}
```
-
Apologies, I see now you stated before your app was OAuth2. On the backend I'm seeing the 403 is caused by that app not having as-user permissions. However, two things to note here:
1. You cannot as-user as the Admin of an enterprise
2. You stated above you are the Admin of the enterprise, so there is no need to as-user here
Best,
Kourtney, Box Developer Advocate
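
The approach described in the reply above, as an added example that is not part of the original thread or Box's own code: query the token owner's events directly, send As-User only for other accounts, and record any 403 per user instead of aborting. `collect_events`, `ApiError`, `FakeUser` and `FakeClient` are hypothetical names; the fake client is a constructed stand-in for the SDK calls used in the thread and assumes `get_events()` returns a dict with an `entries` list.

```python
class ApiError(Exception):
    """Constructed stand-in for an SDK exception carrying status and code."""
    def __init__(self, status, code):
        super().__init__(f"{status} {code}")
        self.status, self.code = status, code

def collect_events(client):
    """Return ({user_id: events}, {user_id: error_code}) for every user."""
    me = client.user().get()  # account that owns the access token
    collected, denied = {}, {}
    for user in client.users():
        # Query the token owner directly; use As-User only for other accounts.
        scoped = client if user.id == me.id else client.as_user(user)
        try:
            collected[user.id] = scoped.events().get_events()["entries"]
        except Exception as exc:
            if getattr(exc, "status", None) != 403:
                raise
            # Record the denial and keep going with the remaining users.
            denied[user.id] = getattr(exc, "code", None)
    return collected, denied

class FakeUser:
    def __init__(self, uid):
        self.id = uid
    def get(self):
        return self

class FakeClient:
    """Constructed double: a 403 follows As-User on ADMIN or a blocked id."""
    ADMIN = "1"
    def __init__(self, as_id=None, blocked=()):
        self.as_id, self.blocked = as_id, set(blocked)
    def user(self):
        return FakeUser(self.ADMIN)
    def users(self):
        return [FakeUser(u) for u in ("1", "2", "3")]
    def as_user(self, user):
        return FakeClient(as_id=user.id, blocked=self.blocked)
    def events(self):
        return self
    def get_events(self):
        if self.as_id == self.ADMIN or self.as_id in self.blocked:
            raise ApiError(403, "access_denied_insufficient_permissions")
        return {"entries": [f"event seen as {self.as_id or self.ADMIN}"]}

if __name__ == "__main__":
    print(collect_events(FakeClient(blocked={"3"})))
```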