
Permissions Needed to Authenticate APIs

  • cbetta

    Hi, this all depends on what user manipulation and events APIs the app wants to use. If it only needs to read the current user's events and user details, then any user should be able to authenticate the app. If the app wants to be able to read all users and events in the enterprise, then the authenticated OAuth 2.0 user needs to be an admin or co-admin.

     

    Is this app being developed by you or by a third party? And is it a new app or something you're looking to adopt that's already built?

  • Flexera

    Thanks for your reply. It's an application we built, and we need to provide the minimum permissions needed to authorize the application.

     

  • cbetta

    Excellent. So what actual API calls does the app need to make?

  • Flexera

    We are using these endpoints, https://api.box.com/2.0/users and https://api.box.com/2.0/events, to get the list of all users and their last logins.

  • cbetta

    So in that case you have 2 options.

     

    You can either have an admin or co-admin authenticate through OAuth 2.0, or you can use a JWT-authenticated (server-to-server) app.

     

    In both cases, the app will need the permissions to "Manage users" as well as "Read enterprise properties".

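A least-privilege check for the setup discussed in this thread, added here as an example and not code from Box or from either poster: it sends the two calls the app depends on with a given access token and reports whether each was allowed, so the app's permissions can be trimmed and re-tested. The query parameters, the reading of the status codes, the function names and the `BOX_ACCESS_TOKEN` variable are assumptions.

```python
import urllib.error
import urllib.parse
import urllib.request

API = "https://api.box.com/2.0"

# The two calls named in the thread. Query parameters are assumptions that keep
# the probe small: one user, and one LOGIN event from the enterprise event stream.
PROBES = {
    "users": ("/users", {"limit": "1"}),
    "events": ("/events", {"stream_type": "admin_logs",
                           "event_type": "LOGIN", "limit": "1"}),
}

# Reading of the status codes follows general HTTP semantics (assumption).
VERDICTS = {
    200: "allowed",
    401: "token rejected: expired, revoked or malformed",
    403: "forbidden: check the app permissions and the admin/co-admin role",
}

def http_status(url, token):
    """Send an authenticated GET and return only the HTTP status code."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def probe_token(token, get_status=http_status):
    """Return {probe name: (status, verdict)} for the two calls the app makes."""
    report = {}
    for name, (path, params) in PROBES.items():
        url = API + path + "?" + urllib.parse.urlencode(params)
        status = get_status(url, token)
        report[name] = (status, VERDICTS.get(status, "unexpected response"))
    return report

def sufficient(report):
    """True only when every call the app depends on was allowed."""
    return all(status == 200 for status, _ in report.values())

if __name__ == "__main__":
    import os
    # BOX_ACCESS_TOKEN is a hypothetical environment variable name.
    result = probe_token(os.environ["BOX_ACCESS_TOKEN"])
    for name, (status, verdict) in result.items():
        print(f"{name}: HTTP {status} ({verdict})")
    raise SystemExit(0 if sufficient(result) else 1)
```

The non-zero exit status on any refused call lets the check run in a deployment pipeline after a permission change.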