Box API - UpdateInfo - returns 403
回答済みI have a developer account and a custom app. I am trying to test the updateInfo to update the filename and description but I get a 403. I have also tried reauthorizing the app.
Error description: The request requires higher privileges than provided by the access token
BoxAPIConnection api = new BoxAPIConnection(DEVELOPER_TOKEN);
BoxFile file = new BoxFile(api, document.getDocUID());
BoxFile.Info info = file.new Info();
info.setName(document.getName());
info.setDescription(document.getDescription());
file.updateInfo(info);
When I use the
-
Hi ,
It looks like some of your question was cut off after the sample, so I'll do my best to provide guidance with what's available.
It looks like you're using the developer token in your calls, rather than the application access token. Depending on the user that you're trying to access, this might be the cause of the problem.
Since you're reauthorizing the app, I'm assuming that you're using JWT auth. The first thing that I'd recommend is to generate a proper access token for the application using this method, then try again.
-
Hi ,
These are a few of the options I can provide, given the info:
- Make sure to select the appropriate scopes in your application, then revoke your current developer token and reissue it. I'd recommend just setting all of the scopes on at first, then whittle them down, to see if the scopes are the problem.
- Make sure that the file you're accessing is owned by the developer account (your account). The developer token will only be scoped for that account.
- If that fails, switch to using the standard JWT auth method. Developer tokens are only supposed to be used for simple testing as they expire after an hour and have to be manually refreshed from the console. JWT auth (or even OAuth 2 if you want to go down that route) should overcome this hurdle.
- Jon
-
Thanks !
Apologies, I am not using the Dev token but the app token. https://developer.box.com/guides/authentication/app-token/
Here is my response to below points.
- Make sure to select the appropriate scopes in your application, then revoke your current developer token and reissue it. I'd recommend just setting all of the scopes on at first, then whittle them down, to see if the scopes are the problem.
- VM: Where do you set the scopes for an Access token. I read this somewhere but with current configuration which Auth type of Access Token I dont see this scope setting anywhere.
- Make sure that the file you're accessing is owned by the developer account (your account). The developer token will only be scoped for that account.
- VM: The file was uploaded by the same account using the Box api and the auth token. The issue is just with this Put operation that leads to 403.
- If that fails, switch to using the standard JWT auth method. Developer tokens are only supposed to be used for simple testing as they expire after an hour and have to be manually refreshed from the console. JWT auth (or even OAuth 2 if you want to go down that route) should overcome this hurdle.
- VM: As per the configuration the Access token expires in 30 days. Expiry is shown on the Configuration page of the custom app.
Please advise.
-Vishal
- Make sure to select the appropriate scopes in your application, then revoke your current developer token and reissue it. I'd recommend just setting all of the scopes on at first, then whittle them down, to see if the scopes are the problem.
-
Hi ,
Ohhhh, ok I think I know what's going on. App token auth has a very restrictive number of endpoints that it works with, listed here. It's present to support a legacy system that was added into Box, which later became Box View. With that said, updating a file will not work with app token auth.
If you need the functionality of endpoints that are not on that list, then the only alternative here is that you'll need to switch to another auth method, either JWT or standard OAuth 2.
- Jon
サインインしてコメントを残してください。
コメント
7件のコメント