Error Codes & Solutions

The Box API communicates errors through standard HTTP status codes with details supplied in JSON objects.

Generally the following pattern applies:

  • 2xx - Box received, understood, and accepted a request.
  • 3xx - The client must take further action in order to complete the request.
  • 4xx - An error occurred in handling the request. The most common cause of this error is an invalid parameter.
  • 5xx- Box received and accepted the request, but an error occurred while handling it.

If you have a suggested solution, please submit a suggested edit using the button on the top right of this page.

400 Bad Request



The specified Content-MD5 did not match what we received

While uploading a file, a Content-MD5 header with the SHA-1 hash of the file can be supplied to ensure that the file is not corrupted in transit. The SHA-1 hash that was supplied in the request did not match what was received in the upload. Supply a valid SHA-1 hash of the uploaded file.


Required parameters supplied in the API request are either missing or invalid. Check the extended error message in the response body for more details.


Cannot move a collaborated subfolder to a private folder unless the new owner is explicitly specified

Specify the ID of the user that the content should be transferred to by setting the field in the request.


Root folder cannot be collaborated

You cannot set collaborators on a user's root folder (folder ID 0). Use a different folder ID than the root folder.


Folder move creates cyclical folder structure

The folder ID specified in the folder move would create a cyclical folder structure (e.g. moving a folder to a sub-folder within itself). Change the folder ID for the folder move request.


Cannot delete – folder not empty

Delete all content from the folder before attempting to delete it.


Item type must be specified and set to 'folder'

The item.type field of the collaboration item should be set to folder.


Verify the authorization code is set correctly in your request, or your application likely needs to get a new authorization code.

The authorization code supplied in the API request is missing or no longer valid. Possible solutions are:

  • Verify that the access token is added correctly in the request.
  • If correctly set, the access token may have expired. Attempt to refresh the access token or fetch a new one.


Current date time must be before the expiration date time listed in the 'exp' claim.

This error occurs when the Unix time on your local machine and the Box server are out of sync.

To fix this error, update the Unix time on your machine to match the Unix time from this site, then try the request again.


Limit is not a valid number

Add a valid numeric value for the supplied limit value.


Offset is not a valid number

Add a valid numeric value for the supplied offset value.


Invalid input parameteres in request

Invalid parameters were sent in the API request. Check the API reference documentation for the correct request parameters that should be supplied for the API operation.


You can change the status only if the collaboration is pending

The status of a collaboration can only be updated to accepted or rejected by the user specified in the accessible_by field when the current status is set to pending. More information is available here.


The upload session ID provided in the URL is not of a valid format.

The session ID supplied when making a chunked upload API request was invalid. Use the same session ID from the session that was created.


Item name invalid

Verify that the file's name is valid. Box only supports file or folder names that are 255 characters or less. File names containing non-printable ascii, "/" or "\", names with leading or trailing spaces, and the special names “.” and “..” are also unsupported.


Item name too long

Shorten the length of the name that is being supplied for the item. The maximum length of a file or folder name in Box is 255 characters or less.


User needs to reset password

The user has not yet completed account setup steps.


Requested representation page out of range

The range header supplied does not fit within the size of the specified item. Adjust the bounds to fit within the size of the item and try again.


Requested preview unavailable

The thumbnail size requested for the file is not valid. See the reference docs for the API operation for available format sizes.


Cannot move a synced item

The item is set to be synced by the Box sync clients and cannot be moved. A possible solution is to set the sync_state of the item to not_synced.


Assigner does not have sufficient privileges to assign task to assignee

The user who is attempting to assign the task does not have the appropriate permissions to do so. Adjust the user permissions to allow the assignment of tasks.


User must accept custom terms of service before action can be taken

The admin of your Box account has set custom terms of service and the user has not logged in to accept the terms yet. The user will need to accept the terms of service, or the admin will have to disable them, in order to proceed. More information is available here.


User is already a collaborator

The user that you are attempting to collaborate in on an item is already collaborated on that item. This request is not needed.


Metadata is included after file contents in a file upload request.

Include the file metadata before the file's contents.

401 Unauthorized




Authorization token is not authorized, check extended error message in body for more details.

403 Forbidden



Access denied – insufficient permission

This error is typically produced when scopes that are needed for the API operation were not enabled. See here for solution information.


Access denied – item locked

You are attempting to access a locked fitem without appropriate permissions to access it. Unlock the item first, then try to access it again.


You’re attempting to log in to Box from a location that has not been approved by your admin. Please talk to your admin to resolve this issue.


File size exceeds the folder owner’s file size limit

See here for maximum file size limits based on account type.


Client does not have permission to upload to this session. Only the user who initiated the upload session may upload to it.


A password is required for the shared item, but it was either incorrect or not supplied.


Account storage limit reached

The storage limit of the account has been reached. Either upgrade your account or permanently delete content to continue. Content that is simply moved to the trash will still count towards the account total until it is permanently deleted.


User needs to complete email confirmation

The user has not yet completed steps for email confirmation.

404 Not Found



The resource could not be found. Check the extended error message in the response body for more details.


Item is not trashed

The item that is to be permanently deleted is not in the trash. Send the item to the trash first.


Preview cannot be generated

You are not able to generate a preview thumbnail for the specified file.


Item is trashed

The item that is to be accessed is in the trash and unavailable for modification. Move the item out of the trash and try again.

405 Method Not Allowed



Method Not Allowed

The HTTP method used for the API operation is not allowed. Check the API reference documentation for the HTTP verb needed for the API operation.

409 Conflict



A resource with this value already exists

This error may be produced when the resource to be created already exists. Check the extended error message in the response body for more details.


Item with the same name already exists

This error is produced when a resource with the same name already exists. Ensure that the resource name being added / modified is unique.


The item name is reserved by another processing item. Wait and then retry the request, or wait and check the parent folder to see if the name is in use.

Two duplicate requests have been submitted at the same time. Box acknowledges the first and reserves the name, but a second duplicate request arrives before the first request has completed. Allow the first request to complete before sending the second.


The operation is blocked by another ongoing operation

This error is returned when trying to access a folder that is blocked by another folder operation, such as a move or copy. Try again at a later interval.


A similar comment has been made recently

A similar comment was recently made, and the API has flagged it as a potential duplicate. Verify that the comment was indeed made, or modify the comment content and try again.


User with the specified login already exists

A user with the same email already exists. Either refer to the existing user or specify a different email.

410 Gone



The upload session associated with the given upload session ID has expired and can no longer be accessed.


The upload session is in an unrecoverable failed state and cannot continue. This or other requests have resulted in the upload session reaching a bad state (e.g. parts overlapping).
Possible situations where this may arise:

  • Maximum number of parts has been exceeded
  • Overlapping parts have been uploaded

411 Length Required



Content-Length header was required, but not provided.

Supply a content-length header within your API request.

412 Precondition Failed



The resource has been modified. Please retrieve the resource again and retry

Check the extended error message in the response body for more details.


The resource has been modified. Please retrieve the resource again and retry

Check the extended error message in the response body for more details.

413 Request Entity Too Large



Request Entity too Large

This error is produced when the size of the upload is more than the allowed maximum. Check the extended error message in the response body for more details.

429 Too Many Requests



Request rate limit exceeded, please try again later

The client is performing operations too quickly and has been rate limited. Client is advised to retry their request after the amount of time specified by the Retry-After header.

There are four rate limits to be aware of. There is a limit of 10 API calls per second per user. There is also a limit of 4 uploads per second per user, 6 searches per second per user up to 60 searches per minute, and 12 searches per second per enterprise.

To solve this error, consider these approaches:

  • Backing off when rate limits are hit using an exponential back off method.
  • Caching information when possible to reduce necessary calls.
  • Imposing throttling on calls made from the application to Box.

500 Internal Service Error



Internal Server Error

Client should retry using exponential back-off strategy

502 Bad Gateway



Client should retry using exponential back-off strategy

503 Unavailable




Please check our API status page for information.

Related Resources

Error Codes & Solutions

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.