-
Recently active
Hi,I have a service account that was invited into a few client’s folders. It was probably renamed and it is under developers console → Platform Apps → Name of app now. I got everything here as Authorized and enabled since Jan 2023. Client changed security and enforces 2FA now, which I do have for my account. If I go to to the Content Manager, I see nothing here. All folders I had access to are gone. From the folder’s perspective I see the automation user as Pending I’m also Co-owner in another folder and I have rights to resend the invitationit says it does sent the email but that email is automatically generated so I assumed it comes to me or ideally all owners of the app as listed here but nope, I didn’t receive anything nor other Admins. How am I supposed to accept the invitation to virtual email that doesn’t exist? My use case is that I want to upload files or create sub-folders in a given folder from our integration application. It is our client’s Box probably as Enterprise and t
I want to create a python script that grabs data from SQL Server, creates a csv, and drops it into my box.com folder automatically. I can do this with a developer token, but that expires after 60 minutes.The issue is that I have a enterprise_id of 0. Company A uses box.com and they are getting data from a bunch of Companies like mine. So they instructed me (Company B) to create a free personal account and they shared a folder with me that I can dump my data into.I have to drop data in weekly, and setting up an automated process would be best. I created a developer account and got a developer token and was successful in a test. But I need a token that lasts longer, and I am reading that JWT does not work with enterprise_ids of 0. OAuth doesn’t really apply to my situation.Is there anything I can do to automate this process?
Will keep it short and sweet. I am looking to build a folder structure traversal UX that includes search/sort/filtering capabilities. e.g.Find me files with metadata attribute == X in folder YIt doesn’t seem like this is possible today. There are three APIs in questionGet Folder ItemsSearchMetadata Query Search and Metadata Query do not have the ability to only search within a single folder. Get Folder Items is limited in it’s filtering capabilities. It seems like an attribute I would expect in the metadata query filter options. ancestor_folder_id does not look at just a single folder, it looks at all folders below, which means we cannot recreate the folder structure navigation experience without serious server interception (prohibitively expensive). Has anyone solved this? Is this a known issue in the API offering?
We created a Box Platform App using JWT server authentication. The app is configured as App Access Only, not App + Enterprise Access, and the authorized scope currently shown is “Read all files and folders stored in Box.”The JWT token authenticates as the app’s Service Account / Automation User. In our case, the token identifies as:Name of automation serviceE-mail of automation serviceWhat is confusing is that we have not intentionally collaborated that Service Account onto the target folder or any parent folder. The folder and test Excel files were created by my sandbox admin user, not by the Service Account. Despite that, when we call the Box API with the JWT Service Account token and provide the folder ID, the app can list the folder contents and read file/folder metadata.For example, it can see the folder and files and read metadata such as owner, creator, file name, file ID, permissions, etag, etc. The metadata shows the folder/file is owned and created by my sandbox user, not the
Hi everyone,I have used Box Microsoft Sentinel Codeless Connector (CCP) connector which uses the REST API Poller to ingest Box Enterprise Events.The connector authenticates using the Client Credentials Grant against the Box OAuth endpoint.OAuth EndpointPOST https://api.box.com/oauth2/tokenGrant Typeclient_credentialsAdditional Parametersbox_subject_type=enterprisebox_subject_id=<Enterprise ID>The connector configuration is similar to:"auth": { "type": "OAuth2", "grantType": "client_credentials", "TokenEndpoint": "https://api.box.com/oauth2/token"}However, the connector consistently fails.Microsoft Sentinel reports the following error:RES40001Invalid Credential or cannot get credential for example OAuth2 access token.Call failed with status code 429 (Too Many Requests):POST https://api.box.com/oauth2/tokenNote that the credentials used are valid, Microsoft Sentinel Data Connector shows the following:
I just created a webhook v1 and it says that I need to contact support in order to enable it, but it seems I need to have an Enterprise account in order to contact support in order to enable my webhook v1 for other users?
I’m trying to download a file that I created via the API, but keep getting an SSL error. Note that I can download the same file successfully using the API Developer playground, providing just the file ID and my developer token. See curl output below:$ curl -i -L "https://api.box.com/2.0/files/ [removed by moderator] /content" -H "authorization: Bearer <REDACTED_TOKEN>"HTTP/2 302 date: Wed, 11 Mar 2026 12:55:49 GMTx-envoy-upstream-service-time: 259location: <REDACTED_LINK>box-request-id: 07a3f1d1a260e4d0957df37044c38d148cache-control: no-cache, no-storestrict-transport-security: max-age=31536000via: 1.1 googlecontent-length: 0alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000curl: (35) error:0A000126:SSL routines::unexpected eof while reading
現在ServiceNowとAPI連携を行い、ServiceNow側からAPIを叩いてBOX内にフォルダを作成する仕組みを作成しています。要件の一部に、フォルダに対して22日後に自動削除されるよう設定するという要件があるのですが、調べてみたところ、BOX APIにフォルダ削除日の設定は存在しないという結論に至りました。ただ、私自身BOXの利用経験が浅く情報が最新かどうか判断しかねている次第です。また、存在しない場合どのような代替方法があるかなど、過去に実装経験がある方や知見がございましたらご教示いただきたいです。 よろしくお願いいたします。
I am getting {"type":"error","status":404,"code":"not_found","help_url":"http://developers.box.com/docs/#errors","message":"Authorization Failed","request_id":"redacted"} when I call https://api.box.com/2.0/tasks/{task_id} though I have no issue listing all tasks using the same token with https://api.box.com/2.0/files/{file_id}/tasks
Hi All,Got a client that wants their files on box (previously sftp) and I've gotten the Box CLI to upload files to a folder and will be looking to schedule it on a weekly basis for the client. I'm targeting the folder purely by folder ID using "box files:upload <filename> --parent-id <folder id>” in PowerShell (I know, gross!).The client has their box url branded but not sure how to handle it in the future if we have more clients wanting to use Box. If the clients I need to post to each have their own branded Box URLs (e.g. cmpa.app.box.com/folder/111111, compb.app.box.com/folder/22222 etc).My question is: are folder IDs globally unique across all Box tenants (cmpa, cmpb, cmpc)? In other words, if I upload to folder ID 111111, is it guaranteed to land in that exact folder for client A regardless of whether I previously posted to Client B's 22222 folder with the same box account and token (via CLI)?Are the branded URLs purely cosmetic, with only the folder ID being conside
Calling all developers! The Box Developer Platform is evolving rapidly to support the next generation of custom integrations and AI-powered applications.In our latest product roadmap session, we deep-dived into emerging headless interfaces, including connecting AI agents (like ChatGPT and Claude) to your Box instance via the Box MCP Server.We also discussed simplifying the developer experience with the upcoming npm install box command, providing AI unit entitlements for free developer accounts, and making the Box AI agent accessible via Slack and MCP. 📌 Read the full developer breakout summary and watch the session here!
I created a box developer account to investigate how to integrate our customer's Box repository with our tool. Everything went create with Oauth and the developer token, but when I started experimenting with Client Credentials Grant, I simply can't get it to work.When I try to make a request with the client id, client secret and my own user ID, I get:"App is not yet authorized for use"In my console I can see messages like:"Log in or sign up for a Box Developer account to access all of the Developer Console features."Which is something that also pops up at the top of my Developer Console page. Not sure how I can create a Box Developer account since, as far as I can tell, I already have one.
Would the custom agent’s activity be tracked with “BOX_AI_USER_REQUEST”, the same event type as the Box AI chat? Or is it different for custom agents?
Hi Team,I created an Oauth application in box developer console, it is showing status as pending enablement. How can I get it enabled. I need this application as part of automating our workflow. please suggest
We have a Box Co-Admin account with the following permissions enabled: Manage Users Manage Groups View Users' Content Edit Users' Content Log into Users' Account The Co-Admin can successfully impersonate regular managed users using the As-User API.The same Co-Admin can also view another Co-Admin's files and folders through the Content Manager functionality in the Box Admin Console.However, when attempting to access the other Co-Admin's content using the As-User header, the API returns HTTP 403 Forbidden.Questions: Is Co-Admin to Co-Admin impersonation supported through the As-User API? Is the 403 response expected behavior? If Content Manager can view another Co-Admin's content, is there a public API equivalent to Content Manager? Is there a supported way to programmatically access another Co-Admin's content for migration purposes? Any documentation references would be appreciated.
I am having a challenge with the Claude MCP Integration. Has anyone experienced this and has a solution? Claude for Box MCP Integration — File Version Upload FailureIntegration: Claude for Box (Official MCP integration, listed in Box App Center) Issue: The Claude MCP integration is unable to upload new versions of existing files despite being fully authorized. The integration returns a permissions error when attempting to call the Box file version upload API endpoint.Authorization status: The integration shows "Integration Added" in Box with the following granted scopes:Read all files and folders stored in Box Read and write all files and folders stored in Box Manage Docgen Requests Manage AI RequestsExpected behavior: With read/write scope granted, the integration should be able to upload new versions of existing files owned by the authorized user.Question for Box support: Does the Claude for Box MCP app (published by Box in the App Center) have the item_upload scope enabled in its ap
We are using the BOX API with a service ID to connect and fetch files from BOX.The connection is working successfully, and able to fetch filenames and metadata with IDs. But although the API connection is still successful, no files are being fetched from the search query even though the data is available in BOX.Could you please help us diagnose the issue and let us know if there are any API limitations, token/session expiry issues, rate limits, scheduled maintenance activities, or permission-related concerns that could be causing this behaviour?long offsetValue = 0;long limitValue = 2000000;BoxSearch boxSearch = new BoxSearch(api);BoxSearchParameters searchParams = new BoxSearchParameters();searchParams.setQuery("*");List<String> folderIds = new ArrayList<>();folderIds.add(folderId);searchParams.setAncestorFolderIds(folderIds);do {searchResults = boxSearch.searchRange(offsetValue, limitValue, searchParams); for (BoxItem.Info itemInfo : searchResults) { System.out.prin
I am building a multi-tenant SaaS platform and looking to integrate Box. Here's the use case: - Customers have their own existing Box accounts - Each customer would share one specific folder in their Box with our account - Our backend needs to create subfolders and upload files into those customer-shared folders automatically - Content should live in the customer's Box, not oursWhich authentication would you recommend? The concern of using OAuth is that when refreshing a token it invalidates an existing token which could create issues across tenants. But I am not sure if App User and Service Account are intendedly made for the case when customers are box users
I am currently developing an integration that relies on Box webhooks to maintain a synchronized state between Box and my application’s internal database. I have encountered a discrepancy in how Box triggers events for nested folder structures during trash and restore operations.Observed Behavior:Deletion: When a parent folder containing multiple sub-folders is moved to the trash, the Webhook API correctly emits a FOLDER.TRASHED event for the parent folder, followed by individual FOLDER.TRASHED events for every nested sub-folder. This allows my application to accurately update the status of each item in my database. Restoration: When I restore the parent folder from the trash, all nested sub-folders are correctly restored in the Box UI. However, the Webhook API only emits a single FOLDER.RESTORED event for the parent folder. No events are generated for the sub-folders that were restored as part of that tree.Technical Impact: Because my application relies on individual events to trigger
現在クライアント先でDX推進支援をさせていただいている者です。クライアントの会社でBoxを使用しているのですが、Box relayを含むツール・サイトの情報を一つのサイトに集約して表示する仕組みの構築を検討しており、調査を進めています。つきましては、製品仕様について以下の点を聞きたいのですが、お詳しい方いらっしゃいますでしょうか。---【質問】1. API利用規約上の制限について - 弊社の社内サーバー(Azure VM・AWS等)からAPIを呼び出すことは、利用規約上問題ございませんでしょうか。 - データの二次利用(ダッシュボードへの表示)に関して制限事項がございましたら、お教えいただけますと幸いです。 ※アクセスは社内メンバーに限定され、インターネット経由での利用を前提としております。
Can anyone provide the details of each stream type on how old events we receive.1. stream_type : all : how much back in time the events will be ? there is no documentation stating this2. stream_type: changes : how much back in time the events will be and will I get all the collaboration events without any exception ?3. stream_type: admin_logs : how much back in time the events will be and can we filter a single user events ? As per documentation it will be 1 year and we can give start and end time between which we need events for4. stream_type: admin_logs_stream: how much back in time the events will be and can we filter a single user events ?
Hi Team,I have requirement for generating the USER_AUTHENTICATE_OAUTH2_ACCESS_TOKEN_CREATE event. I tried with configuring the OAuth 2.0 and getting Client ID, Secret. Tried every bit possibilities but no luck so far. Note : I have this Box Enterprise Trial account.
I am using Box API v10 via the Node SDK to query for Folders, specifically:client.folders.getFolderItems(parentId) // parentId is a folder name that exists (e.g. ‘QCG Test’) The value I am receiving from Box API does not match the Folder ID found in the URL of the folder when viewing My Account.For Example:My folder name is “QCG Test” with an Id (from Box URL) of: ********5204The value received when I query for this Folder ID from the API returns as: ********0532Note: The values above are edited to censor the full ID. The censored digits do not match as well.
Hey, is it possible to add sha1 to v3 items bulk endpoint?
I would like to change the name that appears as the "updater" when a file is updated via a Box JWT authentication app.I have already tried changing the JWT application name itself, but this did not change the associated Service Account name. Additionally, when I attempted to modify the automatically generated Service Account name using my Box Admin account, I encountered a permission error and was unable to save the changes.Could you please let me know if it is possible for Box Support to change this Service Account name (or its display name) on your end?Thank you for your assistance.Best regards,
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.