Getting 404 error when attempting to upload with a scoped token generated with token exchange API
Our end goal is to upload a document on the client side with a downgraded token generated from token exchange, but are unable to get it working.
1) I created a root folder and have collaborated the app account as co-owner
2) Generated a token scoped to an existing folder(token exchange) using Box Java SDK 2.5.
3) When attempting to upload a document to the folder, or even just get folder information with the scoped token, I receive a 404 error. I have tried giving root_readwrite, so the token should definitely have access.
Response from token exchange API call
{"pendingChanges":null,"accessToken":"1!5HtDBS5-d7D1HxYBxT8zGktuEsaPx99W8k0Gv_Y1mRFW55AOfmDzjFpSG7kufsfiXAVu5vnzo4alHUGnAxsTaoyD3THTQl_D2dTW1FpjOctlY75q4aIfXHj9lFG2QQqP_8rg--v-9nTmHYcYs6N7LVEPKUgHGj-t6KZIcOufaV_6JX_66KZqCmvxIXbD9DC1KD_wpj2eEYbmXq5dRVPmqSil4Oyu0qqnbKYELWG4z-TQqnuQ7iyUWUvRvv3U9LVy1UlX7wh2m7AH_lxNHZkWBm7uX8t5kLu7oeG1xMviHqnuUsu3wgMlt2RUkrIa0znXtcI2uYhbQo8F7kokZ9A8ArSFMvD7CGrSgLxV9PpcyfX1BbMosmy6tE1cSvmsXPcS2lqic1dINQmUmdqbLkBlarMoH9FB24qC3cpL-5nxVmC-ylchEhR0syIiu6INq4-N-dlc8K_8BA..","expiresIn":3897000,"tokenType":"bearer","issuedTokenType":"urn:ietf:params:oauth:token-type:access_token","restrictedTo":
[{"scope":"root_readwrite","object":{"type":"folder","id":"***number removed for privacy***88","sequence_id":"0","etag":"0","name":"DEV"}},{"scope":"base_explorer","object":{"type":"folder","id":"***number removed for privacy***88","sequence_id":"0","etag":"0","name":"DEV"}}],"obtainedAt":150***phone number removed for privacy***}
Response from get folder information API call
{"type": "error","status": 404,"code": "not_found","context_info": {"errors": [{"reason": "invalid_parameter","name": "item","message": "Invalid value 'd_33983181988'. 'item' with value 'd_33983181988' not found"}]},"help_url": "http://developers.box.com/docs/#errors","message": "Not Found","request_id": "***number removed for privacy***5988d25d3e197"}
-
I assuming you are trying to hit folder with id 33983181988 (folder ids are not PII, so you don't need to obfuscate them for privacy :)) since the response has some references to d_33983181988 (internally we call this typed id where d signifies directory). Make sure the folder id you are providing to the explorer is numbers only in string format, not with d_ prefixes. So '33983181988'.
Also, base_explorer scope won't have upload permission. Additionally add the item_upload scope.
https://developer.box.com/docs/box-content-explorer#section-scopes
BTW: You should not post your access tokens on public forums 🙂
Please sign in to leave a comment.
Comments
1 comment