0

When attempting to delete a file using a token retrieved from the new create token method of authentication, a 403 forbidden is returned.

Here is a screen shot from Postman showing this: https://shibumi.box.com/s/769268e4bf726b5ee20a

The file that is a candidate for deletion is in the root 'sandbox' folder of the application. The file was uploaded via the v2 api using the 'instant mode' token for authorization.

Two screen shots, Slide1.jpg and Slide2.jpg are at this link: https://shibumi.box.com/s/5c0601d18060910410ca.

Slide1.jpg shows a call to create a file in Postman. The folder id specified in the call is for the root 'sandbox' folder. The auth_token passed in the Authorization header is the 'instant mode' token created by a previous call to create-token.

Slide2.jpg shows a call to delete the file which was created by the request in Slide1.jpg. The same Authorization header is being used which includes the 'instant mode' auth token. The 403 response is shown.

InfestedCoder
  • 11
  • 2

2 Answers2

0

FYI, the link you posted looks like you've restricted access to it, so I can't view it.

Are you certain you are trying to DELETE a file that is inside the folder that the restricted auth-token has access to? 'Instant mode' tokens are sandboxed inside their own folder. If you take a file that is outside the sandboxed folder (or one of it's children) then you're going to be denied in your request with a 4xx forbidden or similar.

Please feel free to post more details about the folder structure, and where the file sits. It could be a bug, but just want to make sure it is clear how instant mode tokens are supposed to work.

Peter
  • 2,551
  • 1
  • 14
  • 20
  • Thanks for your reply. I changed security on the link and added some additional information to help clarify where the file is located. – InfestedCoder Jun 12 '12 at 21:18
0

Looks like you've found a bug with the instant mode tokens. We will look into it.

Peter
  • 2,551
  • 1
  • 14
  • 20