Welcome to the new Box Support website. Check out all the details here on what’s changed.

Box API - UpdateInfo - returns 403

Answered
New post

Comments

7 comments

  • jcleblanc

    Hi ,

     

    It looks like some of your question was cut off after the sample, so I'll do my best to provide guidance with what's available. 

     

    It looks like you're using the developer token in your calls, rather than the application access token. Depending on the user that you're trying to access, this might be the cause of the problem. 

     

    Since you're reauthorizing the app, I'm assuming that you're using JWT auth. The first thing that I'd recommend is to generate a proper access token for the application using this method, then try again.

    0
    Comment actions Permalink
  • vmali

    Thanks 

     

    I am using the Access token method (as Dev token) and no JWT. I am able to perform other operations on the file - Download, upload file, create/update metadata etc. When I try the put for File update it fails with 403. This is confusing too. 

     

    0
    Comment actions Permalink
  • jcleblanc

    Hi ,

     

    These are a few of the options I can provide, given the info:

    1. Make sure to select the appropriate scopes in your application, then revoke your current developer token and reissue it. I'd recommend just setting all of the scopes on at first, then whittle them down, to see if the scopes are the problem.
    2. Make sure that the file you're accessing is owned by the developer account (your account). The developer token will only be scoped for that account.
    3. If that fails, switch to using the standard JWT auth method. Developer tokens are only supposed to be used for simple testing as they expire after an hour and have to be manually refreshed from the console. JWT auth (or even OAuth 2 if you want to go down that route) should overcome this hurdle.

    - Jon

    0
    Comment actions Permalink
  • vmali

    Thanks !

     

    Apologies, I am not using the Dev token but the app token. https://developer.box.com/guides/authentication/app-token/

     

    Here is my response to below points. 

     

    1. Make sure to select the appropriate scopes in your application, then revoke your current developer token and reissue it. I'd recommend just setting all of the scopes on at first, then whittle them down, to see if the scopes are the problem.
      1. VM: Where do you set the scopes for an Access token. I read this somewhere but with current configuration which Auth type of Access Token I dont see this scope setting anywhere. 
    2. Make sure that the file you're accessing is owned by the developer account (your account). The developer token will only be scoped for that account.
      1. VM: The file was uploaded by the same account using the Box api and the auth token. The issue is just with this Put operation that leads to 403. 
    3. If that fails, switch to using the standard JWT auth method. Developer tokens are only supposed to be used for simple testing as they expire after an hour and have to be manually refreshed from the console. JWT auth (or even OAuth 2 if you want to go down that route) should overcome this hurdle.
      1. VM: As per the configuration the Access token expires in 30 days. Expiry is shown on the Configuration page of the custom app. 

    Please advise. 

     

    -Vishal

    0
    Comment actions Permalink
  • jcleblanc

    Hi ,

     

    Ohhhh, ok I think I know what's going on. App token auth has a very restrictive number of endpoints that it works with, listed here. It's present to support a legacy system that was added into Box, which later became Box View. With that said, updating a file will not work with app token auth.

     

    If you need the functionality of endpoints that are not on that list, then the only alternative here is that you'll need to switch to another auth method, either JWT or standard OAuth 2.

     

    - Jon

    0
    Comment actions Permalink
  • vmali

    Great, at least we know the issue. 

     

    That's interesting as I am able to also perform other operation like create/update metadata on the file that I uploaded. Can you please confirm if the link is up-to-date?

     

    0
    Comment actions Permalink
  • jcleblanc

    Hi ,

     

    It's entirely possible that there may be a discrepancy in the docs. I've gone ahead and filed an internal ticket for us to test our public endpoints with an app token to ensure that we can get an accurate assessment of the viable endpoints, and document them as such.

     

    Thanks,

    Jon

    0
    Comment actions Permalink

Please sign in to leave a comment.