> ## Documentation Index
> Fetch the complete documentation index at: https://developer.box.com/llms.txt
> Use this file to discover all available pages before exploring further.

# as-user Header

export const Link = ({href, children, className, ...props}) => {
  const localizedHref = href;
  return <a href={localizedHref} className={className} {...props}>
      {children}
    </a>;
};

export const MultiRelatedLinks = ({sections = []}) => {
  if (!sections || sections.length === 0) {
    return null;
  }
  return <div className="space-y-8">
      {sections.map((section, index) => <RelatedLinks key={index} title={section.title} items={section.items} />)}
    </div>;
};

export const RelatedLinks = ({title, items = []}) => {
  const getBadgeClass = badge => {
    if (!badge) return "badge-default";
    const badgeType = badge.toLowerCase().replace(/\s+/g, "-");
    return `badge-${badge === "ガイド" ? "guide" : badgeType}`;
  };
  if (!items || items.length === 0) {
    return null;
  }
  return <div className="my-8">
      {}
      <h3 className="text-sm font-bold uppercase tracking-wider mb-4">{title}</h3>

      {}
      <div className="flex flex-col gap-3">
        {items.map((item, index) => <a key={index} href={item.href} className="py-2 px-3 rounded related_link hover:bg-[#f2f2f2] dark:hover:bg-[#111827] flex items-center gap-3 group no-underline hover:no-underline border-b-0">
            {}
            <span className={`px-2 py-1 rounded-full text-xs font-semibold uppercase tracking-wide flex-shrink-0 ${getBadgeClass(item.badge)}`}>
              {item.badge}
            </span>

            {}
            <span className="text-base">{item.label}</span>
          </a>)}
      </div>
    </div>;
};

<RelatedLinks
  title="REQUIRED GUIDES"
  items={[
{ label: translate("OAuth 2.0 with SDKs"), href: "/guides/authentication/oauth2/with-sdk", badge: "GUIDE" }
]}
/>

It is possible for a JWT application to act on behalf of another user
by leveraging the `as-user` header.

```sh theme={null}
curl https://api.box.com/2.0/folders/0 \
    -H "as-user: [USER_ID]" \
    -H "authorization: Bearer [ACCESS_TOKEN]"
```

<Info>
  In this situation the user ID is the Box identifier for a user. User IDs can
  found for any user via the `GET /users` endpoint, which is only available to
  admins, or by calling the `GET /users/me` endpoint with an authenticated user
  session.
</Info>

## Preconditions

The application must be configured to perform actions as users in the
[Developer Console][devconsole].

<Frame border center>
  <img src="https://mintcdn.com/box/J_EwM_J-GUl8Mc67/guides/authentication/jwt/enable-perform-actions-as-users.png?fit=max&auto=format&n=J_EwM_J-GUl8Mc67&q=85&s=57a515827d70f23db5848cdba4ed9d06" alt="Advanced Features" width="1394" height="496" data-path="guides/authentication/jwt/enable-perform-actions-as-users.png" />
</Frame>

Additionally, the authenticated user needs to be a user with Admin permissions,
meaning either an Admin or Co-Admin. See our guide on
<Link href="/platform/user-types">User Types</Link> for more details.

## as-user using SDKs

All of the <Link href="/guides/tooling/sdks">official Box SDKs</Link> support acting on behalf of a user using the
`as-user` header.

<CodeGroup>
  ```csharp .NET theme={null}
  var userClient = client.WithAsUserHeader("[USER_ID]");
  ```

  ```java Java theme={null}
  BoxClient userClient = client.withAsUserHeader("[USER_ID]");
  ```

  ```python Python theme={null}
  user_client = client.with_as_user_header('[USER_ID]')
  ```

  ```js Node theme={null}
  const userClient = client.withAsUserHeader('[USER_ID]');
  ```
</CodeGroup>

<Warning>
  These methods return a new client instance with the as-user header applied,
  leaving the original client unmodified.
</Warning>

## Limitations

* You cannot use the `user_id` of a <Link href="/platform/user-types/#service-account">Service Account</Link> in the `as-user` header.
* When impersonating a managed user, access is limited to content owned or controlled by the enterprise. Content owned by external users cannot be accessed through the `as-user` header.
* The `as-user` header cannot specify the same user ID as the authenticated user. If the specified user ID matches the current user, the request fails with a `403 Forbidden` error.

[devconsole]: https://app.box.com/developers/console

<RelatedLinks
  title="RELATED GUIDES"
  items={[
{ label: translate("JWT Auth"), href: "/guides/authentication/jwt/index", badge: "GUIDE" },
{ label: translate("Select Auth Method"), href: "/guides/authentication/select", badge: "GUIDE" }
]}
/>