Box API help
Hi,
I've been trying to start creating a pipeline for managing files and folders in Box using the Box API. I am having some problems.
I have done the following....
- Created an App based on OAuth 2.0 (user or client authentication)
- Setup a redirect uri for the App based on my company's Box homepage:
https://XXX.XXX.box.com/auth/callback
- Copied the client id / client secret and used the App's client id / client secret to generate a Bearer token using:
curl -i -X POST "https://api.box.com/oauth2/token" -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=XXXXXXX" -d "client_secret=XXXXX" -d "grant_type=client_credentials"
- Copied the Bearer token generated and then used the Bearer token in API calls:
curl -i -X GET "https://api.box.com/2.0/events" -H "Authorization: Bearer ZZZZZZZZZ"
However now I get errors:
{"type":"error","status":400,"code":"bad_request","context_info":{"errors":[{"reason":"invalid_parameter","name":"user","message":"Invalid value 'Box_Anonymous_User 2'."}]},"help_url":"http:\/\/developers.box.com\/docs\/#errors","message":"Bad Request","request_id":"lsnrcsgq24dqcxgu"}
Any idea what I am doing incorrectly?
Is my App maybe setup incorrectly?
If there is a blog or guide to setting up API pipelines with the Box API please feel free to share them :-)
Any help most appreciated!
Thanks, Nick
-
Hey Nick,
If I've understood correctly, you've currently selected OAuth2 (user authentication) as your authentication type. This will require end-user interaction via the browser, which it sounds like may not be best for your use case. Later on in your post it looks like you're trying to use client credentials grant to authenticate using a client ID and client secret but that requires selecting OAuth2 with Client Credentials Grant (Server Authentication) as the authentication method. If that is the case and you want to proceed with using client credentials grant, take a look at the cURL example on the page I linked. It's important to note that by default, you'll authenticate as the application Service Account and not your own user.
Hope this helps get you on the right track!
Best,
Kourtney, Box Developer Advocate
-
Hi,
I agree that my original App was created with the wrong "Authentication method".
So I have created a new App with an "Authentication method" of "OAuth 2.0 with client credentials grant (server authentication)".
And using the client_id / client_secret and the "enterprise type" / Enterprise ID from that App I used the API call below:
curl --location --request POST 'https://api.box.com/oauth2/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'client_id=XXXXXXX' --data-urlencode 'client_secret=ZZZZZZZZZ' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'box_subject_type=enterprise' --data-urlencode 'box_subject_id=111111'
Unfortunately this fails:
{"error":"invalid_grant","error_description":"Grant credentials are invalid"}
What do I continue to do incorrectly?
Thanks, Nick -
Forgive me if I should be starting a separate thread, but I am having similar difficulties.
I am able to successfully request and received an access token. However, when I try to use that token (as bearer token) to create a collaboration, the request fails "not found".
I have tested the api call using a dev token and it works no problem. Which leads me to believe I am making a mistake requesting the access token.
My Box app is configured as Authentication method" of "OAuth 2.0 with client credentials grant (server authentication)" and my api call has:
Content-Type: application/json in the header
and request body: {
"box_subject_id":"######",
"box_subject_type":"enterprise",
"client_id":"XXXXX",
"client_secret":"XXXXX",
"grant_type":"client_credentials"
}Where am I making a mistake: a) in requesting the access token or b) in using the access token?
Thanks in advance,
Andrew
サインインしてコメントを残してください。
コメント
5件のコメント