API As-User or Client token Creating Root parentID 0 folders 403 access denied
Anyone out there that can please point me in the right direction?
Using the API I have been able to successfully create subfolders for all users. I have an App that is authorized in an Enterprise sandbox with Manage All Users access and impersonation.
When attempting to create a subfolder at the root level with a parent id of '0' I get the below error. This seems to happen both when using the As-User parameter as well as generating a client specific token with user claim instead of enterprise.
The strange thing is this only seemed to start happening on new accounts; for the first few Admin/Co-Admin users I was able to create root level folders without issue.
ERROR:
Invoke-RestMethod : {"type":"error","status":403,"code":"access_denied_insufficient_permissions","help_url":"http:\/\/developers.box.com\/docs\/#errors","message":"Access denied - insufficient permission"
-
This person had the same issue; however, the support article they reference is no longer valid. There seems to be some sort of setting that prevents the API from creating root level folders of non admin accounts?
https://www.codecademy.com/en/forum_questions/51c32a977c82cabba700c325
https://support.box.com/entries/23529717-file-and-folder-ids
-
Ok, I found the root cause: the issue I am seeing relates to the 'Restrict content creation' setting, which prevents NON Admins from creating top level folders.
Is there a way to work around this? Even if I do an As-User with an admin user's token I am not able to create the root level folders with the API.
-
I have been trying to create something similar for several years now, but have been running into the same problem since we also have the "restrict content creation" setting applied. Have you successfully created this app? If so, would you be willing to share any of your steps or code to do so?
Thanks!
-
Sorry I don't have code to share.
We use OKTA provisioning and they provided an update that allows the new user's root level folder to be created without the adminbox account listed as a collaborator.
Really, it's using the same method, so if you find a function for inviting/removing a collaborator you can create the folder under the adminbox account and invite the managed user as a collaborator. Then remove adminbox and it will only belong to the user and show at their root level.
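
The workaround from the last reply written out as a sequence of Box API calls; this is an added example, not code from the thread. It assumes `token` is an access token for the admin account, and that the hand-over is done by updating the collaboration role to `owner` (the reply only says to invite the user and then remove the admin); the function and parameter names are hypothetical.

```python
import json
import urllib.request

API = "https://api.box.com/2.0"

def http_send(method, url, token, body=None):
    """Default transport: one authenticated JSON call to the Box API."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None

def provision_root_folder(name, admin_id, user_id, token, send=http_send):
    """Create `name` in the admin's root, then hand it over to `user_id`.

    Every call runs as the admin, so the managed user never creates
    top-level content directly. Returns the new folder id.
    """
    # 1. Create the folder in the admin account's root (parent id "0").
    folder = send("POST", f"{API}/folders", token,
                  {"name": name, "parent": {"id": "0"}})
    # 2. Invite the managed user as a collaborator on that folder.
    collab = send("POST", f"{API}/collaborations", token, {
        "item": {"type": "folder", "id": folder["id"]},
        "accessible_by": {"type": "user", "id": user_id},
        "role": "co-owner"})
    # 3. Assumption: promote the invitee to owner, which leaves the
    #    admin on the folder as a co-owner collaborator.
    send("PUT", f"{API}/collaborations/{collab['id']}", token,
         {"role": "owner"})
    # 4. Find and delete the admin's leftover collaboration. Pending
    #    invites can have a null accessible_by, hence the "or {}".
    listing = send("GET", f"{API}/folders/{folder['id']}/collaborations", token)
    leftovers = [c["id"] for c in listing["entries"]
                 if (c.get("accessible_by") or {}).get("id") == admin_id]
    if not leftovers:
        # Fail loudly: the admin would otherwise keep silent access.
        raise RuntimeError("admin collaboration not found; folder still shared")
    for cid in leftovers:
        send("DELETE", f"{API}/collaborations/{cid}", token)
    return folder["id"]
```

After a run, listing the folder's collaborations again should show no entry for the admin account; a leftover co-owner entry means the admin still has access to the user's folder.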