I am trying to access information about a file that a Managed User has shared within my application. This is API call I am making in order to do so:
curl https://api.box.com/2.0/files/FILE_ID \ -H "Authorization: Bearer ENTERPRISE_ACCESS_TOKEN" \ -H "As-User: MANAGED_USER_ID" \ -X GET
And the response I recieve is:
"Access denied - insufficient permission"
The problem for me is that my App Users (Enterprise or User) from the platform app are not able to see other users (Managed) within the enterprise. I have all the scopes selected within the Platform settings page. However, it does work the other way around–Managed Users are able to retrieve all users within the enterprise, including App Users. This is when the 'Manage Users' scope is selected within the Integration app settings page.
Ultimately, what I'm trying to achieve is:
1) Existing managed users in my enterprise can link a file from their repos using Box Integration to my application. (The url is an internal, obscured link. Shared URL is not appropriate for this use case.)
2) If a user of my application clicks the link, the application uses Box Platform for server-to-server authentication in order to use the API and download the file.
How should I be using the API for this use case?