Server Side Authentication
My application uses JWT server side auth and the NodeJS SDK to authenticate to Box. The authentication is successful, and I am able to upload files with the SDK; however, when I try to perform other actions, like `client.folders.getItems` for example, I am getting 405 Method Not Allowed errors. It seems like JWT only allows for read and write access, but prevents other actions like listing. Is this correct?
I need a way to authenticate with a long-lived access token that allows for all endpoints in the SDK, not just read and write. Is there a way to do this? It looks like App Tokens also only allow for read and write privileges. I read here https://developer.box.com/guides/api-calls/permissions-and-errors/scopes/ that you can apply for additional scopes. Would that be the only way to achieve the desired capabilities?
Please let me know if this is possible, thank you!
Hello,
JWT is able to support all functionality, even listing. It's hard to say what's going on without more information. However, I will note that we do not allow long-lived tokens for security reasons. Access tokens expire after 60 minutes and then must be refreshed using a refresh token. This can be done programmatically and is already built into our SDKs. The ability an access token possesses is comprised of the selected scopes + application access + user permissions.
If you're comfortable providing information here, I can try to take a look, but will need the following:
- API key (aka client id) of your application
- Example date/time/timezone you received the 405
- Call you made when you received the 405
- Full body response of the 405
Otherwise, you'll need to log in to a paid Box account and submit a support ticket with the information above for further investigation by our support team.
Best,
Kourtney, Box Developer Advocate
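
One way to collect the four items requested above without leaking credentials into a public thread, shown as an added example that is not part of the original answer or the Box SDK. The error shape (`statusCode`, `request`, `response`), the helper names, and the sample error are assumptions constructed for illustration.

```javascript
// Added example: not Box SDK code. The error shape below is an assumption.
const SECRET_KEYS = /^(authorization|access_token|refresh_token|client_secret|assertion|private_key|passphrase)$/i;
const BEARER = /Bearer\s+[A-Za-z0-9._~+\/-]+=*/gi;
const JWT_LIKE = /[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}/g;
const QUERY_SECRET = /\b(access_token|refresh_token|client_secret)=[^&\s]+/gi;

// Recursively mask secret-bearing keys and token-shaped strings.
function redact(value) {
  if (typeof value === 'string') {
    return value.replace(BEARER, 'Bearer [REDACTED]')
      .replace(QUERY_SECRET, '$1=[REDACTED]')
      .replace(JWT_LIKE, '[REDACTED_JWT]');
  }
  if (Array.isArray(value)) return value.map(redact);
  if (value && typeof value === 'object') {
    const out = {};
    for (const [key, val] of Object.entries(value)) {
      out[key] = SECRET_KEYS.test(key) ? '[REDACTED]' : redact(val);
    }
    return out;
  }
  return value;
}

// Gather: client ID, timestamp (UTC), the call made, and the full response body.
function buildSupportReport(err, clientId, when = new Date()) {
  const req = err.request || {};
  const res = err.response || {};
  return {
    clientId,
    occurredAt: when.toISOString(),
    call: `${req.method || 'UNKNOWN'} ${redact(String(req.url || ''))}`,
    status: err.statusCode ?? res.statusCode ?? null,
    requestHeaders: redact(req.headers || {}),
    responseBody: redact(res.body ?? null),
  };
}

// Constructed sample error; every value here is made up for the example.
const sampleError = {
  statusCode: 405,
  request: {
    method: 'POST', url: 'https://api.box.com/2.0/folders/0/items',
    headers: { Authorization: 'Bearer CONSTRUCTED_TOKEN_abc123', Accept: 'application/json' },
  },
  response: { statusCode: 405, body: { type: 'error', status: 405, message: 'Method Not Allowed', request_id: 'constructed-request-id' } },
};

console.log(JSON.stringify(buildSupportReport(sampleError, 'CLIENT_ID_PLACEHOLDER'), null, 2));
```

The client ID is an identifier rather than a secret, so it is kept; the client secret, private key, and any access or refresh token are masked before the report leaves the machine.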