Permissions Needed to Authenticate API's

新規投稿

コメント

5件のコメント

  • cbetta

    Hi  this all depends on what user manipulation and events APIs the app wants to use. If it only needs to read the current user's events and user details, then any user should be able to authenticate the app. If the app wants to be able to read all users and events in the enterprise, then the authenticated OAuth 2.0 user needs to be an admin or co-admin.

     

    Is this app being developed by you or by a third party? And is it a new app or something you're looking to adopt that's already built?

    0
    コメントアクション パーマリンク
  • Flexera

    Thanks for your reply, it's an application we built and need to provide the miminum permissions needed to authorize the application. 

     

    0
    コメントアクション パーマリンク
  • cbetta

    Excellent. So what actual API calls does the app need to make?

    0
    コメントアクション パーマリンク
  • Flexera

    We are using these endpoints- https://api.box.com/2.0/users and https://api.box.com/2.0/events to get the list of all users and their last logins. 

    0
    コメントアクション パーマリンク
  • cbetta

    So in that case you have 2 options.

     

    You can either have an admin or co-admin authenticate through OAuth 2.0, or you can use a JWT authenticated (server to server) app.

     

    In both cases, the app will need the permissions to "Manage users" as well as "Read enterprise properties".

    0
    コメントアクション パーマリンク

サインインしてコメントを残してください。