New option for downscoping tokens using shared links
New option for downscoping tokens using shared links
When requesting an access token, you now have the ability to downscope that token to a file or folder using a shared link.
This new parameter may be used instead of using the resource parameter, which allows you to supply a file or folder ID to perform the same action.
Updates
- Added new
box_shared_linkrequest parameter to downscoping documentation. A shared link may be supplied to downscope an access token in the below way.
{
curl -i -X POST "https://api.box.com/oauth2/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=[CLIENT_ID]" \
-d "client_secret=[CLIENT_SECRET]" \
-d "code=[CODE]" \
-d "grant_type=authorization_code"\
-d "box_shared_link=https://cloud.box.com/s/123456" \
}
- Added
box_shared_linkrequest parameter to request access token API reference.
New Metadata Query Indices Endpoint
New Metadata Query Indices Endpoint
A new API endpoint has been introduced to get a list of metadata query indices for a given template and scope.
Metadata queries provide a way to find files and folders by searching for the metadata attached to them.
When performing metadata queries on 10,000 or more files or folders,
non-performant queries may produce an HTTP 403 error.
Creating a search index delivers the ability to run
these queries at scale to bypass this error state, and are automatically applied
during the querying process.
The new endpoint permits the lookup of these created search indices.
Features
This release has introduced the following new content and features.
- New API endpoint to get a list of metadata query indices by scope and template.
- New metadata query index response object.
- New metadata query indices response object.
Updates
This release includes the following updated content.
- Updated metadata query indices guide to include details on how to get a list of metadata query indices.
Service Account email added to Developer Console
Service Account email added to Developer Console
Upon Admin authorization of an application leveraging server authentication,
the auto-generated email address of the Service Account is now surfaced in the
General tab of the Developer Console. This email address can then be used to
collaborate the user on Box content. The format will always be
AutomationUser_AppServiceID_RandomString@boxdevedition.com. For example,
AutomationUser_123456_6jCo6Pqwo@boxdevedition.com.
To learn more, see our guide on User Types and Service Accounts.
Features
- Added auto-generated email address of Service Account user to Developer Console
New Collection Events
New Collection Events
External collection events are now available via the enterprise events stream.
Collections in Box are a way to group files, folders, and web links without putting them all into a folder together. These new events provide a method for monitoring when collection actions are taken within an enterprise.
The events follow the standard event object schema, and include the following:
COLLECTION_CREATE: A collection was createdCOLLECTION_DELETE: A collection was deletedCOLLECTION_UPDATE: A collection was updatedCOLLECTION_ITEM_CREATE: An item was added to a collectionCOLLECTION_ITEM_DELETE: An item was removed from a collectionCOLLECTION_ITEM_UPDATE: An item in a collection was updated
Box CLI v2.9.0 released
Box CLI v2.9.0 released
New Features and Enhancements
- Add ability to add an option to a metadata template multi select field (#230)
- Add folder lock functionality (#232)
- Add support for search parameter to get shared link items (#233)
Bug Fixes:
- Fix events command bug when there is no stream position flag (#234)
- Fix bug with folders:upload command not uploading folder contents (fixes https://github.com/box/boxcli/issues/231
)
Box Shield Smart Access events
Box Shield Smart Access events
External collaboration restriction and justification approval events are now available via the enterprise events stream.
Box Shield must be purchased and enabled on a Box enterprise in order to take advantage of these advanced security offerings.
These events follow the standard event object schema, with the
event_type value set of:
SHIELD_EXTERNAL_COLLAB_INVITE_BLOCKED_MISSING_JUSTIFICATION,
SHIELD_EXTERNAL_COLLAB_INVITE_JUSTIFIED,
SHIELD_EXTERNAL_COLLAB_INVITE_BLOCKED
SHIELD_EXTERNAL_COLLAB_ACCESS_BLOCKED_MISSING_JUSTIFICATION,
SHIELD_EXTERNAL_COLLAB_ACCESS_BLOCKED, or
SHIELD_JUSTIFICATION_APPROVAL.
The additional_details payload of each event provides more information. Full
details can be found in our [Shield Events guide.
Features
- Add support for Box Shield external collaboration and justification approval events to the enterprise events stream
Box API response header changes that may impact your applications
Box API response header changes that may impact your applications
On May 10th, 2021, as part of our continued infrastructure upgrade, Box's API response headers will standardize to always return in a case-insensitive manner, in line with industry best practices and our API documentation.
This change has the following potential impact:
- Salesforce SDK
v1users will be impacted and will need to upgrade to a recent SDK version. Not doing so will cause your Box Salesforce integration to cease functioning after May 10th, 2021. - Box API consumers who do not use one of the Box SDKs may be impacted and will need to verify header usage through their code. Depending on your header usage, not making adjustments may cause disruptions in your Box API integration.
All customers and application admins who are potentially impacted have been notified directly via email.
Change overview
Applications that are using the return headers described above, such as
location and retry-after, will need to verify that their applications are
checking for these headers in a case-insensitive fashion. Over the past 12
months Box has been upgrading its networking and observability infrastructure.
These upgrades aim to improve reliability and availability of Box's products
for our customers. This specific change allows Box to deploy an updated service
proxy, enabling Box to better monitor service traffic, quickly find
problem areas, and tune application performance.
API Consumers: Verifying application impact
Verifying whether your application(s) will be impacted will require a review of your code. If you are solely using one of the official Box SDKs to connect to Box APIs, you will not be impacted as the SDKs handle response headers in a case-insensitive manner.
You may verify whether you are impacted with the following steps:
- Locate the code in your application which handles the responses from Box API requests. If you are not extracting the response headers from these responses, you are not impacted.
- If you are extracting those response headers, you may be impacted if you are expecting those headers in a case-sensitive fashion.
For instance, if you are expecting the Location header to be returned with a
starting capital L, a direct string comparison with a specific case, then
your code will need to be altered to prevent it from breaking after the change
is made.
API Consumers: How to make the change
To update the impacted application(s), ensure that you are checking these
response headers in a case-insensitive manner. Specifically, your code should
be built in a defensive way to ensure that if a header, such as Location, is
sent with an initial capital L or a lowercase l, it'll be handled in the
same way. For example, forcing all headers to lowercase before checking, or
using a case-insensitive regex string check, are two viable methods for
handling this process.
Salesforce SDK v1 users: Verifying application impact
If you are unsure whether you are using v1.0 of the Box Salesforce SDK, go to
the application code location where you have stored the Box Salesforce SDK and
do the following:
Load the following Salesforce SDK file: src/classes/BoxApiRequest.cls
Look for the following lines (should be lines 6-7):
public final static String HEADER_LOCATION_LOWER_CASE = 'location';
public final static String HEADER_LOCATION_CAPITALIZED = 'Location';
If those lines are present then you are using v1.1.0 or later of the
Salesforce SDK, which is not impacted and no changes are needed. If those lines
are not present then you are using v1.0 of the Salesforce SDK, which will be
impacted and will need to be updated.
Salesforce SDK v1 users: How to make the change
To update the impacted application(s), you will need to update the version of
the Salesforce SDK that you are using. It is recommended that you upgrade to
the most recent version of the SDK, but anything from
v1.1.0 or later will be adequate to ensure that
there is no impact to your application(s).
Where to get support
Should you have any issues or need further guidance, please file a ticket with our support team or post a request to our developer forum for any help needed.