Query regarding Box authentication types & scopes
I have a Box app which has used OAuth 2.0 for the past year in order to back up Enterprise users' data. In order to access each user's data we had taken the 'as-user' permission.
Now that Box has introduced another authentication flow, I am not sure whether to call my app a Box Integration or Box Platform.
But after this upgrade on Box, our API requests to access users' data started failing with error 403, whereas we were able to access the admin's data with the same access token.
Then we tried the following change in app settings and the API started to work. We changed:
- Authentication Type : Server Authentication (OAuth2.0 with JWT)
- Under Scopes -> Enterprise : Select - Manage Enterprise, Manage Users, Manage App Users
- Advanced Features : Select Perform actions on behalf of users
We are not using any RSA key pair for authentication.
Can you please let us know if these settings are correct? I am not able to find any documentation for the same.
-
But using the Box integration flow, our APIs are not able to access users' data. API Key of a sample app: l5ipi8yriew0jzp1on2v4jt2jdelbjn5
My app already has 'as-user' enabled from your support channel and was working fine for the past 6 months or so. But suddenly the API requests for accessing users' data have started failing with error 403.
Is it a bug at your end? Can you please confirm this on priority.
-
We are making REST API calls using an access token, with the As-User header.
API: "https://api.box.com/2.0/folders/{folder_id}/items?.." is failing when used with the following headers:
headers:{'As-User': u'removed for privacy', 'Content-Type': 'application/json', 'Authorization': 'Bearer ', 'Accept': 'application/json'}
This API request with the exact same headers was working previously.
Can someone please do a quick RCA on this?