4

I was trying to make Box Enterprise API work using As-User. I have an admin account which I used to try to retrieve the contents in a sub account.

I first used the admin account to retrieve the User ID of the sub account. And added the User ID as a field "As-User: ########". However, I was returned with a reply of 403.

The error message : "The request requires higher privileges than provided by the access token."

I am using the access token I had used to retrieve the user list. Do I have to get a new access token as the new user? Or is the admin access token fine?

```
GET /2.0/folders/0/items HTTP/1.1\r
Host: api.box.com\r
Authorization: Bearer #######################\r
As-User: ########\r
Connection: close\r
\r
```

The access code is the same access code used to retrieve the user list /user

All the scopes have been checked.

Kai Wu Toh

3 Answers

3

Your application must be manually approved by Box for As-User requests. The documentation mentions this but it's easy to miss. To start the approval process send Box a note and include your API Key.

John Hoerr
  • Thanks. I'll try this! – Kai Wu Toh Jan 05 '16 at 01:23
  • Is this still true? – Nicholas DiPiazza Mar 21 '17 at 17:31
  • We were able to do this with a configuration setting with our development site. Is that same checkbox in the admin area not available for enterprise? I don't have access to the admin login of an actual enterprise box right now. – Nicholas DiPiazza Mar 21 '17 at 18:34
  • 2
    From the Box API docs: *To enable this functionality for applications using OAuth2, please file a support ticket with your API key. To enable this functionality for applications using OAuth2 with JWT, please navigate to the Advanced Features section in the developer console and enable the "Perform actions on behalf of users" permission.* – Ryan Burney Feb 21 '18 at 20:57
0

I am unable to add a comment on this, so I would like to add (in case the support staff doesn't give you a heads-up) you may have to do this after they enable the As-User header:

  1. Go back to your - Admin Console->Business Settings->Apps
  2. Find the Custom Applications section
  3. Authorize or reauthorize the app you are working with
user883992158
-1

I had the same problem and found this: https://support.box.com/hc/ja/community/posts/360049157874-Insufficent-scope-when-trying-to-make-a-call-using-As-User-header

So you should use the scope `admin_on_behalf_of`.

  • 1
    A link to a solution is welcome, but please ensure your answer is useful without it: [add context around the link](//meta.stackexchange.com/a/8259) so your fellow users will have some idea what it is and why it is there, then quote the most relevant part of the page you are linking to in case the target page is unavailable. [Answers that are little more than a link may be deleted.](/help/deleted-answers) –  Dec 23 '21 at 17:19
  • 1
    @richardec: The answer suggested in the link is to use the `admin_on_behalf_of` scope, which is what the contributor also suggests in the body of their answer here. – Jeremy Caney Dec 24 '21 at 00:39
  • While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - [From Review](/review/late-answers/30660958) – eglease Dec 30 '21 at 16:13
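
The error text quoted in the question is, word for word, RFC 6750's definition of the `insufficient_scope` Bearer error, which is distinct from `invalid_token`. The following is an added example, not code from any poster or from Box: it parses a `WWW-Authenticate` Bearer challenge and reports which case applies. The sample header is constructed, it is an assumption that the API returns an RFC 6750 style challenge, and the function names are hypothetical.

```python
import re

# Error codes defined in RFC 6750 section 3.1 and what each implies for the caller.
RFC6750_ERRORS = {
    "invalid_request": "malformed request; the token is not the problem",
    "invalid_token": "token expired, revoked or malformed; obtain a new access token",
    "insufficient_scope": "token is valid but lacks the privilege; another token "
                          "issued under the same grant will not change the result",
}

# key=value pairs where the value is either a quoted string or a bare token.
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')

def parse_bearer_challenge(header):
    """Return the parameters of a Bearer challenge as a dict, or None if not Bearer."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    params = {}
    for key, quoted, bare in _PARAM.findall(rest):
        # Undo backslash escapes that are allowed inside quoted strings.
        params[key.lower()] = re.sub(r"\\(.)", r"\1", bare or quoted)
    return params

def diagnose(status, www_authenticate, sent_as_user):
    """Map an HTTP status and challenge header to (error_code, advice)."""
    params = parse_bearer_challenge(www_authenticate or "") or {}
    code = params.get("error")
    if code not in RFC6750_ERRORS:
        return "unknown", f"HTTP {status} without a recognised Bearer error code"
    advice = RFC6750_ERRORS[code]
    if code == "insufficient_scope" and sent_as_user:
        advice += "; check that the app is permitted to act on behalf of users"
    return code, advice

# Constructed sample: an assumed challenge header carrying the message from the question.
SAMPLE_403 = ('Bearer realm="Service", error="insufficient_scope", '
              'error_description="The request requires higher privileges than '
              'provided by the access token."')

if __name__ == "__main__":
    print(diagnose(403, SAMPLE_403, sent_as_user=True))
```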