It is possible to for a JWT application to act on behalf of another user
by leveraging the as-user header.
curl https://api.box.com/2.0/folders/0 \
-H "as-user: [USER_ID]"
-H "authorization: Bearer [ACCESS_TOKEN]"
In this situation the user ID is the Box identifier for a user. User IDs can
found for any user via the GET /users endpoint, which is only available to
admins, or by calling the GET /users/me endpoint with an authenticated user
session.
Preconditions
The application must be configured to perform actions as users in the
Developer Console.
Additionally, the authenticated user needs to be a user with Admin permissions,
meaning either an Admin or Co-Admin. See our guide on
User Types for more details.
as-user using SDKs
All of the official Box SDKs support acting on behalf of a user using the
as-user header.
var user_client = new BoxClient(config, session, asUser: '[USER_ID]');
Please note that some of our SDKs create new clients for the other user, while
others modify the existing client and provide a way to return to a state where
the client authenticates for the original user itself.
