Box provides a simple way to request content from one or many users without requiring them to have a Box account. There may be use cases where you may need to collect information for onboarding workflows, and in this instance, retrieving documents from a distributed number of users and creating a Box account to simply upload a file is not desirable.
Box File Requests simplify these types of flows as you can simply send someone a link to an upload widget, that can be customized with directions, capture information such as the uploader’s email address, and even add context around the files being uploaded in the form of metadata. You can read more about the customizable nature of the File Request dialog on our community site.
Note that currently the majority of the set up steps for creating the initial file requests are done directly within the Box web application, but if you are looking to integrate with our File Requests as a partner, you can still simplify the collection of content by utilizing our API endpoints.
When you are looking to create a new File Request with the current API endpoints, you must copy an existing file request. To facilitate this flow in a more scalable way, we would suggest guiding users through setting up File Requests templates that could then be reused through the API as needed. There is a guide on creating a templated file request in our developer documentation.
Application Permissions
-
If you are using a JWT based authentication mechanism, you will need to make sure that your application is set up with the following settings:
-
App Access Level: App + Enterprise Access.
-
Application Scopes: File Requests only need the basic application scope
-
Read all files and folders stored in Box
-
For OAuth 2.0 based authentication you will need to have the following settings:
-
Application Scopes: these are the minimum permissions required to be able to get user information, download files, apply classifications, and utilize the Enterprise Event stream to capture user actions.
-
Read all files and folders stored in Box
User Permissions
No special user permissions are required for file requests.
After getting a token from a user, you can then create a new File Request by copying the templated file request that you created above. When you copy a File Request you can modify a number of parameters such as the title and description of the file request, as well as some functional parameters such as whether an email address is required or if a file description is needed during the upload process.
Through the API, you can also modify existing file requests or delete them when they are no longer needed. With this flow you can provide a quick way to gather files in a distributed and secure manner.