Error when uploading through webforms using Box API

New post



  • Jason

    Hi  ,


    Sorry to hear about the issues! This might be a good request as a Support Ticket, but just as a sanity check, what does the Request header look like? Obfuscate the access token of course, but what I'd want to make sure is that the app is following the convention of "Authorization: Bearer ".


    As an additional sanity check, do you see any difference in the network tabs between the successful uploads and failed uploads?




    Comment actions Permalink
  • mlandgraf

    Hi Jason,


    Our header is defined in our code like this. I'll X out certain portions for privacy:

    var oHeader = {
            "alg": "RS256",
            "typ": "JWT",
            "kid": "XXXXXXXX"
    Here is the payload:
        var oPayload = {
            "iss": client_id,
            "sub": "XXXXXXXXX",
            "box_sub_type": "user",
            "aud": "",
            "jti": jti,
            "exp": exp_date
        //Generate the JWT signature
        var sHeader = JSON.stringify(oHeader);
        var sPayload = JSON.stringify(oPayload);
        var jwt_signature = KJUR.jws.JWS.sign("RS256"sHeadersPayloadprivate_key);

        //Make the request for the access code
        var post_data = 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&client_id=XXXXXXXXXXXXXXXXXXXXXX&client_secret=XXXXXXXXXXXXXX&assertion=' + jwt_signature;
        var access_request = nlapiRequestURL(''post_datanullnull'POST');
    I can't comment on the differences in the Network tab between successful and failed uploads because I can no longer get anything to upload successfully.
    Comment actions Permalink
  • mlandgraf

     Any suggestions on this?


    Comment actions Permalink
  • Jason

     Ah, sorry about that - I meant Headers in the sense of the HTTP Headers, and less so the header of the JSON Web Token.


    Not to get too deep into technical troubleshooting, but here's an example of a browser upload from a File Request link:

    Screen Shot 2020-03-12 at 10.34.06 AM.png

    Under the Request Headers, there's a token in the format "Authorization: Bearer ". One thing you could do is see if your upload request (whether it fails or succeeds) has the header formatted correctly, or if there's a subtle difference somewhere. If it does seem to match, the other thing you could do is ensure the token is valid (copy/paste it and use it in Postman or a curl from the command line, for example), but the error message does seem to suggest a formatting issue.

    Comment actions Permalink
  • mlandgraf

    Per Box support, this issue was caused by a change on their end. When requesting the access the token, the header's content type must be set like 

        var headers = {
            'Content-Type': 'application/x-www-form-urlencoded'
    Hopefully this fixes things for others as well!
    Comment actions Permalink

Please sign in to leave a comment.