Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

webhook permission denied despite app config setting activated and app authorized

Answered
New post

Comments

7 comments

  • drhay53

    This sounds very similar to this issue:https://community.box.com/t5/Platform-and-Development-Forum/Web-Integration-Token-not-working-to-create-Webhooks/td-p/59171

     

    One thing we've noticed is that we're able to set hooks with certain event triggers: at least FOLDER.RENAMED seems to work. However we cannot include shared_link triggers, and have also tried creating the hook and updating the triggers with a PUT, which still returns the 403. 

    0
    Comment actions Permalink
  • Kourtney

      If you haven't already please open a ticket at support.box.com with all relevant info so we can help further investigate! 

     

    Best, 

    Kourtney

    Box Technical Support Engineer

    0
    Comment actions Permalink
  • drhay53

     I hadn't yet made a ticket, as I was working with a box admin here to see if we could find where things were going wrong. We've been unsuccessful, so I'll open a ticket. Thanks.

    0
    Comment actions Permalink
  • Kourtney

      Sounds good!! I'm trying to reproduce this right now and will let you know if I figure it out 🙂 

     

    Kourtney 

    Box Technical Support Engineer

    0
    Comment actions Permalink
  • Kourtney

      Figured it out! You need the read and write scope enabled as well in order to use the shared link actions. 

    0
    Comment actions Permalink
  • drhay53

     working on getting the scope change re-authed then I'll get back to you. Thanks.

    0
    Comment actions Permalink
  • drhay53

     Ok, I have confirmed that it works for JWT auth with read/write permission.

     

    A couple of questions:

    1) Why would read/write access be required to create webhooks with shared_link triggers? This is not obvious to me since there's a separate "manage webhooks" scope. Nothing about creating or receiving a webhook has anything to do with reading or writing to a file or folder?

     

    2) Why is the behavior different for standard oauth2 with a dev token? I was able to generate webhooks with the shared_link triggers before I went into getting JWT working. I'm pretty sure the scope was read only as well. 

    0
    Comment actions Permalink

Please sign in to leave a comment.