It is possible to for an OAuth 2.0 application to act on behalf of another user
curl https://api.box.com/2.0/folders/0 \ -H "as-user: [USER_ID]" -H "authorization: Bearer [ACCESS_TOKEN]"
as-user header has a few requirements. Firstly, the application
needs to be configured to perform actions as users in the developer
Additionally, the authenticated user needs to be a user with admin permissions, meaning either an admin, co-admin, or service account. See our guide on User Types for more details.