Welcome to the new Box Support website. Check out all the details here on what’s changed.

API box target

New post

Comments

8 comments

  • Official comment
    Alex Novotny

    Hello Hernan! 

    When the application you created in the Box developer console gets authorized by the administrator, a service account is automatically generated for the application. You can see how to see that login here. The folders you are seeing in your api call are folders that live under that service account. In order to see files and folders under your Box account, you will want to make API calls as your user, like this. There are tons of examples using the python sdk in the usage markdown files here. Feel free to take a look. Let me know if you have additional questions. 

    Thanks, 

    Alex, Box Developer Advocate

    Comment actions Permalink
  • Hi Alex! Thanks for your reply!

    I was trying to use the impersonation code:

    user_to_impersonate = client.user(user_id='###########')
    user_client = client.as_user(user_to_impersonate)

    items = user_client.folder(folder_id='0').get_items()
    for item in items:
    print('{0} {1} is named "{2}"'.format(item.type.capitalize(), item.id, item.name))

    However, I obtain a 403 error:

    "GET https://api.box.com/2.0/folders/0/items?offset=0" 403 217
    {'Date': 'Thu, 20 May 2021 15:25:48 GMT', 'Content-Type': 'application/json', 'Transfer-Encoding': 'chunked', 'Connection': 'keep-alive', 'Strict-Transport-Security': 'max-age=31536000', 'Cache-Control': 'no-cache, no-store', 'Content-Encoding': 'gzip', 'BOX-REQUEST-ID': '0b904846ce1031762268369f20d55cb5e'}
    {'code': '---ions',
    'help_url': 'http://developers.box.com/docs/#errors',
    'message': 'Access denied - insufficient permission',
    'request_id': '4qe048gqpb50616i',
    'status': 403,
    'type': 'error'}

    I was trying to get the list of users in order to validate my user_id even I tried to create a new user, but the answer is the same: a 403 error.

    Do you know what would be the problem?

    Thanks!

    Hernan M

    0
    Comment actions Permalink
  • Alex Novotny

    Is the make API calls using the as-user header checked for you application in the configuration section? 

    0
    Comment actions Permalink
  • Hi!

    I'm using the Server Authentication for my Custom App.

    I've only got a Client ID and the Primary Access Token in order to be authenticated.

    I think the image you send is related to a Auth2.0, right? 

    I would like to upload a file to my Box at the end of my Python script. There is not a GUI, only CLI.

    Thanks for your help.

    Hernan M

    0
    Comment actions Permalink
  • Alex Novotny

    Hey, 

    I just want to clarify what you are saying. You picked option 2 when you created your app? 

    Thanks, 

    Alex, Box Developer Advocate

    1
    Comment actions Permalink
  • Hi Alex!

    I picked the first one, then I picked server Authentication.

    Thanks.

    Hernan M

    0
    Comment actions Permalink
  • Kourtney

    Hey Hernan, 

    It looks like you're making this API call as user ID 16114961890, which is associated with a Limited Access App, which cannot use the as-user header. I recommend using this endpoint to validate who your token is associated with: https://developer.box.com/reference/get-users-me/. 

    Best,

    Kourtney, Box Developer Advocate

    0
    Comment actions Permalink
  • Hi Kourtney.

    I was trying again and I created a Custom app with JWTauth. I submitted a request for authorization in order to use the APIs. They said me that I don't have to active the make API call using as-user header. And I still have the same problem. Now, I´ve got a new service account user and no chance to watch my Box Files.

    from boxsdk import JWTAuth, Client

    auth = JWTAuth.from_settings_file('config.json')
    client = Client(auth)

    user_to_impersonate = client.user(user_id='#######')
    user_client = client.as_user(user_to_impersonate)

    items = user_client.folder(folder_id='0').get_items()
    for item in items:
    print('{0} {1} is named "{2}"'.format(item.type.capitalize(), item.id, item.name))

    "GET https://api.box.com/2.0/folders/0/items?offset=0" 403 217
    {'Date': 'Thu, 27 May 2021 04:47:39 GMT', 'Content-Type': 'application/json', 'Transfer-Encoding': 'chunked', 'Connection': 'keep-alive', 'Strict-Transport-Security': 'max-age=31536000', 'Cache-Control': 'no-cache, no-store', 'Content-Encoding': 'gzip', 'BOX-REQUEST-ID': '024b5943ab030c7d5a3aba0cc1cd548b'}
    {'code': '---ions',
    'help_url': 'http://developers.box.com/docs/#errors',
    'message': 'Access denied - insufficient permission',
    'request_id': 'ynse9zgqww164sry',
    'status': 403,
    'type': 'error'}

    Traceback (most recent call last):
    File "C:\Users\000245815\PycharmProjects\devnet_project\ibm-box-app\box_backup_app.py", line 71, in <module>
    for item in items:
    File "C:\Users\000245815\PycharmProjects\devnet_project\venv\lib\site-packages\boxsdk\pagination\box_object_collection.py", line 105, in next
    return next(self._all_items)
    File "C:\Users\000245815\PycharmProjects\devnet_project\venv\lib\site-packages\boxsdk\pagination\box_object_collection.py", line 115, in _items_generator
    response_object = self._load_next_page()
    File "C:\Users\000245815\PycharmProjects\devnet_project\venv\lib\site-packages\boxsdk\pagination\box_object_collection.py", line 156, in _load_next_page
    box_response = self._session.get(self._url, params=params)
    File "C:\Users\000245815\PycharmProjects\devnet_project\venv\lib\site-packages\boxsdk\session\session.py", line 102, in get
    return self.request('GET', url, **kwargs)
    File "C:\Users\000245815\PycharmProjects\devnet_project\venv\lib\site-packages\boxsdk\session\session.py", line 158, in request
    response = self._prepare_and_send_request(method, url, **kwargs)
    File "C:\Users\000245815\PycharmProjects\devnet_project\venv\lib\site-packages\boxsdk\session\session.py", line 406, in _prepare_and_send_request
    self._raise_on_unsuccessful_request(network_response, request)
    File "C:\Users\000245815\PycharmProjects\devnet_project\venv\lib\site-packages\boxsdk\session\session.py", line 320, in _raise_on_unsuccessful_request
    raise BoxAPIException(
    boxsdk.exception.BoxAPIException: Message: Access denied - insufficient permission
    Status: 403
    Code: access_denied_insufficient_permissions
    Request ID: ynse9zgqww164sry
    Headers: {'Date': 'Thu, 27 May 2021 04:47:39 GMT', 'Content-Type': 'application/json', 'Transfer-Encoding': 'chunked', 'Connection': 'keep-alive', 'Strict-Transport-Security': 'max-age=31536000', 'Cache-Control': 'no-cache, no-store', 'Content-Encoding': 'gzip', 'BOX-REQUEST-ID': '024b5943ab030c7d5a3aba0cc1cd548b'}
    URL: https://api.box.com/2.0/folders/0/items
    Method: GET
    Context Info: None

    I had a success case when I used the developer token, but it was temporary because the developer token is valid for 60 minutes. Is there a way that the token don't expire?

    Thanks

    Hernan M

    0
    Comment actions Permalink

Please sign in to leave a comment.