400 "bad request" API search when a user from outside my company account shares a document with me..
AnsweredHello, I wonder if anyone has come across something like this...
I am using the search facility within the API to retrieve documents. We have come across a case where an error occurs and we are not sure if it might be an issue with the API or something we are doing perhaps?
I get a 400 "bad request" if there is a document shared with me from an external box user (not on our account, e.g. shared from an external individual account ***email address removed for privacy***) when an offset (i.e. skip for pagination) is specified.
This does not occur if offset is 0 or not specified. I am able to return 200 documents if i set the offset to 0. This only occurs if the 'external user' not from my company shares a document is with me. This seems to be regardless of where or whether the document would be returned in the results.
Initially I thought this was a permissions issue 403 due to the document being owned from outside our account but I am not sure now what the problem is. It is 400 - bad request. (invalid parameter - although the only parameters used are query and offset)
We are using application level (client credential with JWT) authentication and make use of the As-User header, however I can recreate the issue by authenticating via the "try it" facility on the API reference (https://developer.box.com/reference). So i do not think it is related to the As-User header, perhaps more of a general issue.
E.g. via the "Try it now" facility in API reference...
curl https://api.box.com/2.0/search?query=external -H "Authorization: Bearer ACCESS_TOKEN"
Works fine (200) I get results
curl https://api.box.com/2.0/search?query=external&offset=1 -H "Authorization: Bearer ACCESS_TOKEN"
400 with any offset specified
{
"type":"error"
"status":400
"code":"bad_request"
"context_info":{
"errors":[
0:{
"reason":"invalid_parameter"
"name":"offset"
"message":"Invalid value '1'."
}
]
}
"help_url":"http://developers.box.com/docs/#errors"
"message":"Bad Request"
"request_id":"1a92c6fvg92m9ybi"
}
-
OK, so I didn't include the limit in the example I gave, but this was me trying to give a clean example, so apologies if that was misleading, our code was actually adding in a limit.
The example should have been more like curl https://api.box.com/2.0/search?query=doc&offset=24&limit=24
Or in actual fact what was causing the issue curl https://api.box.com/2.0/search?query=doc&offset=23&limit=24
It seems that the problem was the 400 error is due to the offset (23) not being a multiple of the limit (24). For the initial call (first page) we request 24 documents, but when the external document exists the API only returns 23 even though there are > 100 results in total, probably due to the externally shared document being skipped for some reason? The offset requested by the code is the number of documents returned in the first call, but the page length, therefore the limit, was still 24, so this causes the 400, as the offset is then not being a multiple of the limit.
Thanks for your help.
There is still the issue that the API does not seem to return the document shared from the external user.
Please sign in to leave a comment.
Comments
3 comments