access_denied_insufficient_permissions

Answered
New post

Comments

1 comment

  • Official comment
    jcleblanc

    Hi Andre, 

    The main reason for the admin approval step for JWT applications is for security. JWT apps can potentially have wide ranging permissions to access all data / users in an enterprise, so to prevent test applications from inadvertently causing harm to the data in the enterprise that admin step is placed. We've been actively working over the last several quarters to make the approval process easier, but it does still require admin involvement. An option to avoid this is to use the OAuth 2 flow, which will allow Box users to sign in to your applications so you can access their data directly. This does not require admin approval.

    Comment actions Permalink

Please sign in to leave a comment.