download_zip api incompatible with downscoped tokens?
When using the download_zip api it seems to work correctly with non-downscoped tokens, but as soon as we use a downscoped token to call it, which is usually our workflow, we are returned a 401 unauthorized error. In this case I can't seem to find a scope to add that would make sense to allow this api to work correctly.
Is there a scope I can add that would make this call work correctly? Or does any type of downscoping cause this to fail?
Some details of the situation:
- The token is downscoped to the parent folder of all the files in our request, in this case we are not requesting any files outside of this folder when calling the download_zip API.
- The scopes that are included in this token are:
Hi @GreyLovelace - This is probably best addressed by Box Product Support. They may be able to tell what specific scope issue is happening. I suggest you open a support case and include a recent example of an API call (with the request_id if possible) as well as the time frame, enterprise id, and user id for it.