I have a Box app, which uses OAuth 2.0 for the past one year in order to backup Enterprise user's data. In-order to access each user's data we had taken the 'as-user' permission.
After Box has introduced another Authentication flow, I am not sure whether to call my app as a Box Integration or Box Platform?
But after this upgrade on Box, our API requests to access users data had started failing with error 403. Whereas we were able to access admin's data with the same access token.
Then we tried the following change in app settings and the API started to work. We changed:
- Authentication Type : Server Authentication (OAuth2.0 with JWT)
- Under Scopes -> Enterprise : Select - Manage Enterprise, Manage Users, Manage App Users
- Advanced Features : Select Perform actions on behalf of users
We are not using any RSA key pair for authentication.
Can you please let us know if these settings are correct ? I am not able to find any documentation for the same.