Changelog
  • All
  • New features
  • Impactful changes
  • API
  • Java
  • Windows
  • Python
  • Node
  • CLI
  • UI Elements
Unread

New option for downscoping tokens using shared links

Feature API

New option for downscoping tokens using shared links

When requesting an access token, you now have the ability to downscope that token to a file or folder using a shared link.

This new parameter may be used instead of using the resource parameter, which allows you to supply a file or folder ID to perform the same action.

Updates

  • Added new box_shared_link request parameter to downscoping documentation. A shared link may be supplied to downscope an access token in the below way.
{
  curl -i -X POST "https://api.box.com/oauth2/token" \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d "client_id=[CLIENT_ID]" \
     -d "client_secret=[CLIENT_SECRET]" \
     -d "code=[CODE]" \
     -d "grant_type=authorization_code"\
     -d "box_shared_link=https://cloud.box.com/s/123456" \
}
Unread

Box Java SDK v2.54.0 released

Feature SDKs Java GitHub

Box Java SDK v2.54.0 released

New Features and Enhancements:

  • Add file request support (#869)

Bug Fixes:

  • Fix BoxWeblink deserialization (#881)
Unread

New Metadata Query Indices Endpoint

Feature API

New Metadata Query Indices Endpoint

A new API endpoint has been introduced to get a list of metadata query indices for a given template and scope.

Metadata queries provide a way to find files and folders by searching for the metadata attached to them.

When performing metadata queries on 10,000 or more files or folders, non-performant queries may produce an HTTP 403 error. Creating a search index delivers the ability to run these queries at scale to bypass this error state, and are automatically applied during the querying process.

The new endpoint permits the lookup of these created search indices.

Features

This release has introduced the following new content and features.

Updates

This release includes the following updated content.

Unread

Service Account email added to Developer Console

Feature API

Service Account email added to Developer Console

Upon Admin authorization of an application leveraging server authentication, the auto-generated email address of the Service Account is now surfaced in the General tab of the Developer Console. This email address can then be used to collaborate the user on Box content. The format will always be AutomationUser_AppServiceID_RandomString@boxdevedition.com. For example, AutomationUser_123456_6jCo6Pqwo@boxdevedition.com.

To learn more, see our guide on User Types and Service Accounts.

Features

  • Added auto-generated email address of Service Account user to Developer Console
Unread

New Collection Events

Feature API

New Collection Events

External collection events are now available via the enterprise events stream.

Collections in Box are a way to group files, folders, and web links without putting them all into a folder together. These new events provide a method for monitoring when collection actions are taken within an enterprise.

The events follow the standard event object schema, and include the following:

  • COLLECTION_CREATE: A collection was created
  • COLLECTION_DELETE: A collection was deleted
  • COLLECTION_UPDATE: A collection was updated
  • COLLECTION_ITEM_CREATE: An item was added to a collection
  • COLLECTION_ITEM_DELETE: An item was removed from a collection
  • COLLECTION_ITEM_UPDATE: An item in a collection was updated
Unread

Box CLI v2.9.0 released

Feature CLI GitHub

Box CLI v2.9.0 released

New Features and Enhancements

  • Add ability to add an option to a metadata template multi select field (#230)
  • Add folder lock functionality (#232)
  • Add support for search parameter to get shared link items (#233)

Bug Fixes:

)

Unread

Box Shield Smart Access events

Feature API

Box Shield Smart Access events

External collaboration restriction and justification approval events are now available via the enterprise events stream.

Box Shield must be purchased and enabled on a Box enterprise in order to take advantage of these advanced security offerings.

These events follow the standard event object schema, with the event_type value set of: SHIELD_EXTERNAL_COLLAB_INVITE_BLOCKED_MISSING_JUSTIFICATION, SHIELD_EXTERNAL_COLLAB_INVITE_JUSTIFIED, SHIELD_EXTERNAL_COLLAB_INVITE_BLOCKED SHIELD_EXTERNAL_COLLAB_ACCESS_BLOCKED_MISSING_JUSTIFICATION, SHIELD_EXTERNAL_COLLAB_ACCESS_BLOCKED, or SHIELD_JUSTIFICATION_APPROVAL.

The additional_details payload of each event provides more information. Full details can be found in our [Shield Events guide.

Features

  • Add support for Box Shield external collaboration and justification approval events to the enterprise events stream
Unread

Box API response header changes that may impact your applications

Impactful API

Box API response header changes that may impact your applications

On May 10th, 2021, as part of our continued infrastructure upgrade, Box's API response headers will standardize to always return in a case-insensitive manner, in line with industry best practices and our API documentation.

This change has the following potential impact:

  • Salesforce SDK v1 users will be impacted and will need to upgrade to a recent SDK version. Not doing so will cause your Box Salesforce integration to cease functioning after May 10th, 2021.
  • Box API consumers who do not use one of the Box SDKs may be impacted and will need to verify header usage through their code. Depending on your header usage, not making adjustments may cause disruptions in your Box API integration.

All customers and application admins who are potentially impacted have been notified directly via email.

Change overview

Applications that are using the return headers described above, such as location and retry-after, will need to verify that their applications are checking for these headers in a case-insensitive fashion. Over the past 12 months Box has been upgrading its networking and observability infrastructure. These upgrades aim to improve reliability and availability of Box's products for our customers. This specific change allows Box to deploy an updated service proxy, enabling Box to better monitor service traffic, quickly find problem areas, and tune application performance.

API Consumers: Verifying application impact

Verifying whether your application(s) will be impacted will require a review of your code. If you are solely using one of the official Box SDKs to connect to Box APIs, you will not be impacted as the SDKs handle response headers in a case-insensitive manner.

You may verify whether you are impacted with the following steps:

  • Locate the code in your application which handles the responses from Box API requests. If you are not extracting the response headers from these responses, you are not impacted.
  • If you are extracting those response headers, you may be impacted if you are expecting those headers in a case-sensitive fashion.

For instance, if you are expecting the Location header to be returned with a starting capital L, a direct string comparison with a specific case, then your code will need to be altered to prevent it from breaking after the change is made.

API Consumers: How to make the change

To update the impacted application(s), ensure that you are checking these response headers in a case-insensitive manner. Specifically, your code should be built in a defensive way to ensure that if a header, such as Location, is sent with an initial capital L or a lowercase l, it'll be handled in the same way. For example, forcing all headers to lowercase before checking, or using a case-insensitive regex string check, are two viable methods for handling this process.

Salesforce SDK v1 users: Verifying application impact

If you are unsure whether you are using v1.0 of the Box Salesforce SDK, go to the application code location where you have stored the Box Salesforce SDK and do the following:

Load the following Salesforce SDK file: src/classes/BoxApiRequest.cls

Look for the following lines (should be lines 6-7):

public final static String HEADER_LOCATION_LOWER_CASE = 'location';
public final static String HEADER_LOCATION_CAPITALIZED = 'Location';

If those lines are present then you are using v1.1.0 or later of the Salesforce SDK, which is not impacted and no changes are needed. If those lines are not present then you are using v1.0 of the Salesforce SDK, which will be impacted and will need to be updated.

Salesforce SDK v1 users: How to make the change

To update the impacted application(s), you will need to update the version of the Salesforce SDK that you are using. It is recommended that you upgrade to the most recent version of the SDK, but anything from v1.1.0 or later will be adequate to ensure that there is no impact to your application(s).

Where to get support

Should you have any issues or need further guidance, please file a ticket with our support team or post a request to our developer forum for any help needed.

Unread

Box iOS SDK v4.3.0 released

Feature SDKs iOS Mobile GitHub

Box iOS SDK v4.3.0 released

Breaking Changes:

New Features and Enhancements:

  • Add support for OAuth 2 custom callback URL (#746)
  • Add support for zip download (#749)

Bug Fixes:

  • Update gems to patch kramdown vulnerability (#742)
  • Update gems to patch activesupport vulnerability (#745)
Unread

Box Node SDK v1.36.0 released

Feature SDKs Node GitHub

Box Node SDK v1.36.0 released

New Features and Enhancements:

  • Add folder lock functionality (#560)
  • Add support for filtering groups by name (#561)

Bug Fixes:

  • Update proxy-agent to patch proxy support issue (#563)
  • Update dependencies to patch security vulnerabilities (#566)