Client make_request API throwing Access denied - insufficient permission error.
Hello Team,
I'm facing an issue when I'm collecting data using API.
APIs:
/events?stream_type=admin_logs&limit=500 /users?limit=500
Note: I'm using client Ids and tokens with Admin Role.
Below is my Sample Python code:
from boxsdk import OAuth2 from boxsdk import Client from boxsdk.config import API oauth = OAuth2( client_id='CLIENT_ID', client_secret='CLIENT_SECRET_ID', access_token='MY_DEVELOPER_CODE' ) client = Client(oauth) API_URL = 'https://api.box.com/2.0/events' json_response = client.make_request( 'GET', API_URL).content API_URL = 'https://api.box.com/2.0/events?stream_type=all&limit=100&stream_position=0&created_after=2017-04-06T09:38:30-00:00&created_before=2017-04-07T09:38:30-00:00' json_response = client.make_request( 'GET', API_URL).content API_URL = 'https://api.box.com/2.0/users?limit=500' json_response = client.make_request( 'GET', API_URL).content API_URL = 'https://api.box.com/2.0/events?stream_type=admin_logs&limit=500&stream_position=0&created_after=2017-04-06T09:38:30-00:00&created_before=2017-04-07T09:38:30-00:00' json_response = client.make_request( 'GET', API_URL).content
With Below API calls It is working fine:
API_URL = 'https://api.box.com/2.0/events' json_response = client.make_request( 'GET', API_URL).content
API_URL = 'https://api.box.com/2.0/events?stream_type=all&limit=100&stream_position=0&created_after=2017-04-06T09:38:30-00:00&created_before=2017-04-07T09:38:30-00:00' json_response = client.make_request( 'GET', API_URL).content
With Below API calls It is throwing an error:
API_URL = 'https://api.box.com/2.0/users?limit=500' json_response = client.make_request( 'GET', API_URL).content
Message: Access denied - insufficient permission
Status: 403
Code: access_denied_insufficient_permissions
Request id: swxpb8fndu1d6y5o
Headers: {'Content-Encoding': 'gzip', 'Transfer-Encoding': 'chunked', 'BOX-REQUEST-ID': '3abmfglh43mn5f83lej93i5u1d', 'Age': '0', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'Vary': 'Accept-Encoding', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache, no-store', 'Date': 'Fri, 12 Jan 2018 06:59:52 GMT', 'Content-Type': 'application/json'}
URL: https://api.box.com/2.0/users?limit=500
Method: GET
Context info: None
API_URL = 'https://api.box.com/2.0/events?stream_type=admin_logs&limit=500&stream_position=0&created_after=2017-04-06T09:38:30-00:00&created_before=2017-04-07T09:38:30-00:00' json_response = client.make_request( 'GET', API_URL).content
Message: Access denied - insufficient permission
Status: 403
Code: access_denied_insufficient_permissions
Request id: REQUEST_ID
Headers: {'Content-Length': '176', 'Content-Encoding': 'gzip', 'Age': '2', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'Vary': 'Accept-Encoding', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache, no-store', 'Date': 'Fri, 12 Jan 2018 06:59:05 GMT', 'Content-Type': 'application/json'}
URL: https://api.box.com/2.0/events?stream_type=admin_logs&limit=500&stream_position=0&created_after=2017-04-06T09:38:30-00:00&created_before=2017-04-07T09:38:30-00:00
Method: GET
Context info: None
Any help will highly appriciated,
Thanks
Kamlesh
-
Hi Kamlesh,
This is probably a scope issue, since the events endpoint is returning content but the users endpoint is not. Let's see if this is related to the scopes selected on the app. It looks like you are running an OAuth based app instead of JWT / OAuth, so the following steps should hopefully help.
Can you please go to your application dashboard (https://cloud.app.box.com/developers/console) and select your application. From that page, go to "Configuration" from the menu on the left side of the screen. Go down to the "Application Scopes" screen and make sure that "Manage Users" is selected. If not, select that and save. You may also need to select "Manage Enterprise Properties" for that second admin log call. Hopefully that's the root cause, but let me know if that doesn't solve the issue and we can dig further.
Here's a more detailed answer for this error, in case the above doesn't work: https://community.box.com/t5/Developer-Troubleshooting/API-Troubleshooting-403-quot-access-denied-insufficient/ta-p/48536.
- Jon
Please sign in to leave a comment.
Comments
1 comment