List recently accessed items - 403 Forbidden
I've created an .net core application that uses the Box API to provide a set of features.
The authentication is performed using jwt without sdk, as described here.
After authenticating, all requests to the Box API use the Token obtained in the authentication process.
All Box Api endpoints i tried are working correctly, as the endpoints for Folders, Files, Metadata, etc.
The latest Api endpoint i tried to use was the List recently accessed items, documented here.
For some reason that i'm not understanding, when using the same Token that provides access to all API endpoints i tried as Folders, Files, Metadata, etc, the 2.0/recent_items endpoint, returns a 403 Forbidden error.
Here the details of a request to the endpoint.
GET /2.0/recent_items HTTP/1.1 Host: api.box.com Authorization: Bearer xYjRMUwfEqlimbIQbglDBlBu1OKbd---
403 Forbidden Date: Sat, 08 Feb 2020 21:49:19 GMT Transfer-Encoding: chunked Connection: keep-alive Strict-Transport-Security: max-age=31536000 BOX-REQUEST-ID: 1ff7f21bace5e2b5684208244542e8154
When using the exact same Token for a different endpoint, everything works as expected, for example:
GET /2.0/folders/0/items HTTP/1.1 Host: api.box.com Authorization: Bearer xYjRMUwfEqlimbIQbglDBlBu1OKbd---
200 OK Date: Sat, 08 Feb 2020 21:51:39 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Strict-Transport-Security: max-age=31536000 Cache-Control: no-cache, no-store Vary: Accept-Encoding BOX-REQUEST-ID: 0fc1d76e650d40ea4b8397ac98ffbfee8
The documentation does not suggest anything specific regarding Authorization.
Is there anything missing on the documentation, something i need to configure, etc?
What am i missing, and why is it not working?
Thank you very much!
When checking the App Authorization, it has all the available scopes, so i can't understand why listing the recent files is failing:
The selected application (KTnext) is authorized to access the following within your enterprise: Read and write all files and folders stored in Box Manage groups Manage webhooks v2 Manage enterprise properties Manage retention policies Admin can make calls on behalf of Users Enable integrations Manage users Manage app users Generate Tokens For the following users: All Users
What am i missing?
Also asked the question on GitHub to get a little more traction. This is currently blocking an integration project.