Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

Query regarding Box authentication types & scopes

New post

Comments

4 comments

  • Murtza

     Since you are accessing content from a Box user's account, this is a Box Integration use case. Your previous approach of using OAuth 2.0 and the As-User header is the recommended approach for your use case. 

    0
    Comment actions Permalink
  • adityaagrawal7

    But using the Box integration flow, our APIs are not able to access user's data.  API Key of a sample app: l5ipi8yriew0jzp1on2v4jt2jdelbjn5

    My app already has 'as-user' enabled from your support channel and was working fine for the past 6 months or so. But suddenly the API requests for accessing user's data have started failing with error 403.

     

    Is it a bug at your end ? Can you please confirm this on priority. 

    0
    Comment actions Permalink
  • spadval

    Hey Aditya,

    Are you using the and admin / co-admin account to makes these calls?

     

    Best,

    Sanjay

    0
    Comment actions Permalink
  • adityaagrawal7

    We are making REST API calls using access token, with as-user header. 

    API: "https://api.box.com/2.0/folders/{folder_id}/items?.."  is failing when used with following headers,

    headers:{'As-User': u'removed for privacy', 'Content-Type': 'application/json', 'Authorization': 'Bearer ', 'Accept': 'application/json'}

    This API request with exact same headers was working previously.

     

    Can someone please have a quick RCA on this?

    0
    Comment actions Permalink

Please sign in to leave a comment.