Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

403 error while file download API Call

Answered
New post

Comments

8 comments

  • jcleblanc

    Hi ,

     

    What scopes do you have set on your application? For downloads I believe you'll need to have the read / write files and folders scope set as there will be information written back to the file on download.

     

    - Jon

    0
    Comment actions Permalink
  • Constant9

    The write scope was disabled. After enabling it I was able to download the files.

    However, it is a weird situation because the the action I am interested in is "view" only and not "edit".

    Does allowing the "write" scope implies that my application will be able to change contents or move files?

    thanks.

    0
    Comment actions Permalink
  • jcleblanc

    ,

     

    Correct, adding the write scope will mean that your app will have those elevated privileges to make content change / move requests. 

     

    If you'd like to keep the application tightly scoped for just downloading, I have something that might work. I haven't tested it for specifically this case, but you could technically use the token downscoping endpoint to take your wider scoped access token and downscope it for read only with download permissions. What I'm thinking is specifically setting it for these two scopes: 

    • item_download
    • root_readonly

    Here are the wider set of scopes that you can set for and here are some samples for making downscope token requests with the different SDKs. 

    0
    Comment actions Permalink
  • Constant9

    Thanks for detailed answer! I will try it.

    It will be helpful to know what are the changes which happen when I download a file? Is some metadata is being updated?

     

    0
    Comment actions Permalink
  • jcleblanc

    ,

     

    I was working on a sample recently for this same issue and wanted to provide some more context. It appears that if you set the token downscope scopes to only 'item_read' it'll allow the download. Here's a sample in Node that shows you that process:

     

    'use strict';
    

    // Initialize packages
    const appConfig = require('./config.js');   // Auth keys and Box SDK
    const boxSDK = appConfig.boxSDK;            // Box SDK
    const fs = require('fs');                   // File system accessor for RSA keys
    const util = require('util');               // Deep inspection of objects
    

    // Fetch private key for signing the JWT
    const secret = fs.readFileSync(appConfig.privateKeyPath);
    

    const sdk = new boxSDK({
      clientID: appConfig.jwtClientId,
      clientSecret: appConfig.jwtClientSecret,
      appAuth: {
        keyID: appConfig.publicKeyId,
        privateKey: secret,
        passphrase: appConfig.keyPass
      }
    });
    const client = sdk.getAppAuthClient('enterprise', appConfig.enterpriseId);
    

    // Define resource and scopes that downscoped token should have access to
    const scopes = 'item_read';
    const fileId = '314831637088'
    const resource = `https://api.box.com/2.0/files/${fileId}`
    

    // Perform token exchange to get downscoped token
    client.exchangeToken(scopes, resource).then((dsToken) => {
      const dsclient = sdk.getBasicClient(dsToken.accessToken);
    

      //FILE DOWNLOAD
      dsclient.files.getReadStream(fileId, null, function(error, stream) {
        if (error) {
          console.error(error);
        }
    

        // write the file to disk
        var output = fs.createWriteStream('/Users/jleblanc/Desktop/tempdoc.txt');
        stream.pipe(output);
      });
    }).catch((err) => {
      console.error(err);
    });

    For the data written, it'll be items such as access stats (# of downloads in this case). 

     

    Hope that helps,

    Jon

     
    0
    Comment actions Permalink
  • vk16

     Hi, I'm trying to download file using Box-api download file in node.js from here https://developer.box.com/reference and in response->body or body I'm getting the raw data of the file but I'm not sure how to convert that raw data into Readable or writable stream in Node.js. Can you help me in that. 

     

    Thanks in advance

    0
    Comment actions Permalink
  • jcleblanc

    Hi ,

     

    Yep, something like the following should work, where fileID is the Box file ID and the tempdoc.txt item is the new file created locally from the download.

     

    client.files.getReadStream(fileId, null, function(error, stream) {
      if (error) {
        console.log(error);
      }
    
      // write the file to disk
      var output = fs.createWriteStream('./tempdoc.txt');
      stream.pipe(output);
    });

     

    0
    Comment actions Permalink
  • vk16

    Hi  

     

    Thanks for your response but I'm not using box-node-sdk because our project is in Typescript as box-sdk don't have @types files I have to use API(https://api.box.com/2.0/files/file_id/content). Documentation says it returns the raw data and an url to download the file but I'm getting only the raw data in the response. Can you help me how to convert that raw data into a file.

     

    Thanks again.

    0
    Comment actions Permalink

Please sign in to leave a comment.