Authorize a user by sending them through the Box website and request their permission to act on their behalf.
This is the first step when authenticating a user using OAuth 2.0. To request a user's authorization to use the Box APIs on their behalf you will need to send a user to the URL with this format.
curl -i -X GET "https://account.box.com/api/oauth2/authorize?response_type=code&client_id=ly1nj6n11vionaie65emwzk575hnnmrk&redirect_uri=http://example.com/auth/callback"
Request an Access Token using either a client-side obtained OAuth2 authorization code or a server-side JWT assertion.
An Access Token is a string that enables Box to verify that a request belongs to an authorized session. In the normal order of operations you will begin by requesting authentication from the authorize endpoint and Box will send you an authorization code.
You will then send this code to this endpoint to exchange it for an Access Token. The returned Access Token can then be used to to make Box API calls.
curl -i -X POST "https://api.box.com/oauth2/token" \
-H "content-type: application/x-www-form-urlencoded" \
-d "client_id=[CLIENT_ID]" \
-d "client_secret=[CLIENT_SECRET]" \
-d "code=[CODE]" \
-d "grant_type=authorization_code"
curl -i -X POST "https://api.box.com/oauth2/token" \
-H "content-type: application/x-www-form-urlencoded" \
-d "client_id=[CLIENT_ID]" \
-d "client_secret=[CLIENT_SECRET]" \
-d "refresh_token=[REFRESH_TOKEN]" \
-d "grant_type=refresh_token"
curl -i -X POST "https://api.box.com/oauth2/token" \
-H "content-type: application/x-www-form-urlencoded" \
-d "subject_token=[ACCESS_TOKEN]" \
-d "subject_token_type=urn:ietf:params:oauth:token-type:access_token" \
-d "scope=item_upload item_preview base_explorer" \
-d "resource=https://api.box.com/2.0/folders/123456" \
-d "grant_type=urn:ietf:params:oauth:grant-type:token-exchange"
Revoke an active Access Token, effectively logging a user out that has been previously authenticated.
curl -i -X POST "https://api.box.com/oauth2/revoke" \
-H "content-type: application/x-www-form-urlencoded" \
-d "client_id=[CLIENT_ID]" \
-d "client_secret=[CLIENT_SECRET]" \
-d "token=[ACCESS_TOKEN]"
Creates a token using Client Credentials Grant, which allows you to log in as a Service Account.
curl -i -X POST "https://api.box.com/oauth2/token" \
-H "content-type: application/x-www-form-urlencoded" \
-d "client_id=[CLIENT_ID]" \
-d "client_secret=[CLIENT_SECRET]" \
-d "grant_type=client_credentials" \
-d "box_subject_type=enterprise" \
-d "box_subject_id=[ENTERPRISE_ID]"
Creates a token using Client Credentials Grant, which allows you to log in as an admin or a managed user.
curl -i -X POST "https://api.box.com/oauth2/token" \
-H "content-type: application/x-www-form-urlencoded" \
-d "client_id=[CLIENT_ID]" \
-d "client_secret=[CLIENT_SECRET]" \
-d "grant_type=client_credentials" \
-d "box_subject_type=user" \
-d "box_subject_id=[USER_ID]"
Creates a token using Client Credentials Grant, which allows you to log in as any app user.
curl -i -X POST "https://api.box.com/oauth2/token" \
-H "content-type: application/x-www-form-urlencoded" \
-d "client_id=[CLIENT_ID]" \
-d "client_secret=[CLIENT_SECRET]" \
-d "grant_type=client_credentials" \
-d "box_subject_type=user" \
-d "box_subject_id=[APPUSER_ID]"
curl -i -L POST "https://api.box.com/2.0/ai/ask" \
-H "content-type: application/json" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"mode": "single_item_qa",
"prompt": "What is the value provided by public APIs based on this document?",
"items": [
{
"type": "file",
"id": "9842787262"
}
],
"dialogue_history": [
{
"prompt": "Make my email about public APIs sound more professional",
"answer": "Here is the first draft of your professional email about public APIs",
"created_at": "2013-12-12T10:53:43-08:00"
}
],
"include_citations": true,
"ai_agent": {
"type": "ai_agent_ask",
"long_text": {
"model": "azure__openai__gpt_4o_mini",
"prompt_template": "It is `{current_date}`, and I have $8000 and want to spend a week in the Azores. What should I see?",
},
"basic_text": {
"model": "azure__openai__gpt_4o_mini",
}
}
}'
curl -i -L POST "https://api.box.com/2.0/ai/ask" \
-H "content-type: application/json" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"mode": "single_item_qa",
"prompt": "What is the value provided by public APIs based on this document?",
"items": [
{
"type": "file",
"id": "9842787262"
}
],
"dialogue_history": [
{
"prompt": "Make my email about public APIs sound more professional",
"answer": "Here is the first draft of your professional email about public APIs",
"created_at": "2013-12-12T10:53:43-08:00"
}
],
"include_citations": true,
"ai_agent": {
"type": "ai_agent_ask",
"long_text": {
"model": "azure__openai__gpt_4o_mini",
"system_message": "You are a helpful travel assistant specialized in budget travel",
"prompt_template": "It is `{current_date}`, and I have $8000 and want to spend a week in the Azores. What should I see?",
"num_tokens_for_completion": 8400,
"llm_endpoint_params": {
"type": "openai_params",
"temperature": 0.0,
"top_p": 1.0,
"frequency_penalty": 1.5,
"presence_penalty": 1.5,
"stop": "<|im_end|>"
},
"embeddings": {
"model": "openai__text_embedding_ada_002",
"strategy": {
"id": "basic",
"num_tokens_per_chunk": 8400
}
}
},
"basic_text": {
"model": "azure__openai__gpt_4o_mini",
"system_message": "You are a helpful travel assistant specialized in budget travel",
"prompt_template": "It is `{current_date}`, and I have $8000 and want to spend a week in the Azores. What should I see?",
"num_tokens_for_completion": 8400,
"llm_endpoint_params": {
"type": "openai_params",
"temperature": 0.0,
"top_p": 1.0,
"frequency_penalty": 1.5,
"presence_penalty": 1.5,
"stop": "<|im_end|>"
}
},
"long_text_multi": {
"model": "azure__openai__gpt_4o_mini",
"system_message": "You are a helpful travel assistant specialized in budget travel",
"prompt_template": "It is `{current_date}`, and I have $8000 and want to spend a week in the Azores. What should I see?",
"num_tokens_for_completion": 8400,
"llm_endpoint_params": {
"type": "openai_params",
"temperature": 0.0,
"top_p": 1.0,
"frequency_penalty": 1.5,
"presence_penalty": 1.5,
"stop": "<|im_end|>"
},
"embeddings": {
"model": "openai__text_embedding_ada_002",
"strategy": {
"id": "basic",
"num_tokens_per_chunk": 8400
}
}
},
"basic_text_multi": {
"model": "azure__openai__gpt_4o_mini",
"system_message": "You are a helpful travel assistant specialized in budget travel",
"prompt_template": "It is `{current_date}`, and I have $8000 and want to spend a week in the Azores. What should I see?",
"num_tokens_for_completion": 8400,
"llm_endpoint_params": {
"type": "openai_params",
"temperature": 0.0,
"top_p": 1.0,
"frequency_penalty": 1.5,
"presence_penalty": 1.5,
"stop": "<|im_end|>"
}
}
}'
curl -i -L POST "https://api.box.com/2.0/ai/text_gen" \
-H "content-type: application/json" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"prompt": "Write a social media post about protein powder.",
"items": [
{
"id": "12345678",
"type": "file",
"content": "More information about protein powders"
},
],
"dialogue_history": [
{
"prompt": "Can you add some more information?",
"answer": "Public API schemas provide necessary information to integrate with APIs...",
"created_at": "2013-12-12T11:20:43-08:00"
}
],
"ai_agent": {
"type": "ai_agent_text_gen",
"basic_gen": {
"model": "azure__openai__gpt_4o_mini"
}
}
}'
curl -i -L POST "https://api.box.com/2.0/ai/text_gen" \
-H "content-type: application/json" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"prompt": "Write a social media post about protein powder.",
"items": [
{
"id": "12345678",
"type": "file",
"content": "More information about protein powders"
},
],
"dialogue_history": [
{
"prompt": "Make my email about public APIs sound more professional",
"answer": "Here is the first draft of your professional email about public APIs",
"created_at": "2013-12-12T10:53:43-08:00"
},
{
"prompt": "Can you add some more information?",
"answer": "Public API schemas provide necessary information to integrate with APIs...",
"created_at": "2013-12-12T11:20:43-08:00"
}
],
"ai_agent": {
"type": "ai_agent_text_gen",
"basic_gen": {
"model": "azure__openai__gpt_4o_mini",
"system_message": "You are a helpful travel assistant specialized in budget travel",
"prompt_template": "It is `{current_date}`, and I have $8000 and want to spend a week in Azores. What should I see?",
"num_tokens_for_completion": 8400,
"llm_endpoint_params": {
"type": "openai_params",
"temperature": 2.0,
"top_p": 1.0,
"frequency_penalty": 1.5,
"presence_penalty": 1.5,
"stop": "<|im_end|>"
},
"embeddings": {
"model": " openai__text_embedding_ada_002",
"strategy": {
"id": "basic",
"num_tokens_per_chunk": 64
}
},
"content_template": "---{content}---"
}
}
}'
curl -L GET "https://api.box.com/2.0/ai_agent_default?mode=text_gen" \
-H 'Authorization: Bearer <ACCESS_TOKEN>'
curl -i -L 'https://api.box.com/2.0/ai/extract_structured' \
-H 'content-type: application/json' \
-H 'authorization: Bearer <ACCESS_TOKEN>' \
-d '{
"items": [
{
"id": "12345678",
"type": "file",
"content": "This is file content."
}
],
"metadata_template": {
"template_key": "",
"type": "metadata_template",
"scope": ""
},
"fields": [
{
"key": "name",
"description": "The name of the person.",
"displayName": "Name",
"prompt": "The name is the first and last name from the email address.",
"type": "string",
"options": [
{
"key": "First Name"
},
{
"key": "Last Name"
}
]
}
],
"ai_agent": {
"type": "ai_agent_extract",
"long_text": {
"model": "azure__openai__gpt_4o_mini"
},
"basic_text": {
"model": "azure__openai__gpt_4o_mini"
}
}
}'
curl -i -L 'https://api.box.com/2.0/ai/extract_structured' \
-H 'content-type: application/json' \
-H 'authorization: Bearer <ACCESS_TOKEN>' \
-d '{
"items": [
{
"id": "12345678",
"type": "file",
"content": "This is file content."
}
],
"metadata_template": {
"template_key": "",
"type": "metadata_template",
"scope": ""
},
"fields": [
{
"key": "name",
"description": "The name of the person.",
"displayName": "Name",
"prompt": "The name is the first and last name from the email address.",
"type": "string",
"options": [
{
"key": "First Name"
},
{
"key": "Last Name"
}
]
}
],
"ai_agent": {
"type": "ai_agent_extract",
"long_text": {
"model": "azure__openai__gpt_4o_mini",
"system_message": "You are a helpful travel assistant specialized in budget travel",
"prompt_template": "It is `{current_date}`, and I have $8000 and want to spend a week in the Azores. What should I see?",
"num_tokens_for_completion": 8400,
"llm_endpoint_params": {
"type": "openai_params",
"temperature": 0,
"top_p": 1,
"frequency_penalty": 1.5,
"presence_penalty": 1.5,
"stop": "<|im_end|>"
},
"embeddings": {
"model": "openai__text_embedding_ada_002",
"strategy": {
"id": "basic",
"num_tokens_per_chunk": 64
}
}
},
"basic_text": {
"model": "azure__openai__gpt_4o_mini",
"system_message": "You are a helpful travel assistant specialized in budget travel",
"prompt_template": "It is `{current_date}`, and I have $8000 and want to spend a week in the Azores. What should I see?",
"num_tokens_for_completion": 8400,
"llm_endpoint_params": {
"type": "openai_params",
"temperature": 0,
"top_p": 1,
"frequency_penalty": 1.5,
"presence_penalty": 1.5,
"stop": "<|im_end|>"
}
}
}
}'
curl -i -L 'https://api.box.com/2.0/ai/extract' \
-H 'content-type: application/json' \
-H 'authorization: Bearer <ACCESS_TOKEN>' \
-d '{
"prompt": "Extract data related to contract conditions",
"items": [
{
"type": "file",
"id": "1497741268097"
}
],
"ai_agent": {
"type": "ai_agent_extract",
"long_text": {
"model": "azure__openai__gpt_4o_mini",
"prompt_template": "It is `{current_date}`, and I have $8000 and want to spend a week in the Azores. What should I see?",
},
"basic_text": {
"model": "azure__openai__gpt_4o_mini",
}
}
}'
curl -i -L 'https://api.box.com/2.0/ai/extract' \
-H 'content-type: application/json' \
-H 'authorization: Bearer <ACCESS_TOKEN>' \
-d '{
"prompt": "Extract data related to contract conditions",
"items": [
{
"type": "file",
"id": "1497741268097"
}
],
"ai_agent": {
"type": "ai_agent_extract",
"long_text": {
"model": "azure__openai__gpt_4o_mini",
"system_message": "You are a helpful travel assistant specialized in budget travel",
"prompt_template": "It is `{current_date}`, and I have $8000 and want to spend a week in the Azores. What should I see?",
"num_tokens_for_completion": 8400,
"llm_endpoint_params": {
"type": "openai_params",
"temperature": 0,
"top_p": 1,
"frequency_penalty": 1.5,
"presence_penalty": 1.5,
"stop": "<|im_end|>"
},
"embeddings": {
"model": "openai__text_embedding_ada_002",
"strategy": {
"id": "basic",
"num_tokens_per_chunk": 64
}
}
},
"basic_text": {
"model": "azure__openai__gpt_4o_mini",
"system_message": "You are a helpful travel assistant specialized in budget travel",
"prompt_template": "It is `{current_date}`, and I have $8000 and want to spend a week in the Azores. What should I see?",
"num_tokens_for_completion": 8400,
"llm_endpoint_params": {
"type": "openai_params",
"temperature": 0,
"top_p": 1,
"frequency_penalty": 1.5,
"presence_penalty": 1.5,
"stop": "<|im_end|>"
}
}
}
}'
curl -L 'https://api.box.com/2.0/docgen_templates' \
-H 'Authorization: Bearer <ACCESS_TOKEN>' \
-H 'Content-Type: application/json' \
-D '{
"file": {
"id": "12345678",
"type": "file"
}
}'
curl -L -X DELETE 'https://api.box.com/2.0/docgen_templates/12345678' \
-H 'Authorization: Bearer <ACCESS_TOKEN>'
curl -L 'https://api.box.com/2.0/docgen_templates' \
-H 'Authorization: Bearer <ACCESS_TOKEN>'
curl -L 'https://api.box.com/2.0/docgen_templates/12345678' \
-H 'Authorization: Bearer <ACCESS_TOKEN>'
curl -L 'https://api.box.com/2.0/docgen_templates/12345678' \
-H 'Authorization: Bearer <ACCESS_TOKEN>'
curl -L 'https://api.box.com/2.0/docgen_templates/12345678/tags' \
-H 'Authorization: Bearer <ACCESS_TOKEN>'
curl -L 'https://api.box.com/2.0/docgen_batches' \
-H 'Authorization: Bearer <ACCESS_TOKEN>' \
-D '{
"file": {
"id": "12345678",
"type": "file"
},
"input_source": "api",
"destination_folder": {
"id": "12345678",
"type": "folder"
},
"output_type": "docx",
"document_generation_data": [
{
"generated_file_name": "Image test",
"user_input": {
"order": {
"id": "12305",
"date": "18-08-2023",
"country": "US",
"expiryDate": "18-08-2024",
"currency": "$",
"amount": 5060.5,
"taxRate": 10,
"requester": "John",
"approver": "Smith",
"department": "Procurement",
"paymentTerms": "30 days",
"deliveryTerms": "30 days",
"deliveryDate": "18-09-2023",
"vendor": {
"company": "Example company",
"address": {
"street": "Example street",
"city": "Example city",
"zip": "EX-456"
}
},
"products": [
{
"id": 1,
"name": "A4 Papers",
"type": "non-fragile",
"quantity": 100,
"price": 29,
"amount": 2900
},
{
"id": 2,
"name": "Ink Cartridge",
"type": "non-fragile",
"quantity": 40,
"price": 39,
"amount": 1560
},
{
"id": 3,
"name": "Adhesive tape",
"type": "non-fragile",
"quantity": 20,
"price": 30,
"amount": 600.5
}
]
}
}
}
]`
curl -i -X GET "https://api.box.com/2.0/docgen_jobs" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X GET "https://api.box.com/2.0/docgen_jobs/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X GET "https://api.box.com/2.0/docgen_batch_jobs/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves the details about a file.
curl -i -X GET "https://api.box.com/2.0/files/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Restores an file that has been moved to the trash.
curl -i -X POST "https://api.box.com/2.0/files/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates a file. This can be used to rename or move a file, create a shared link, or lock a file.
curl -i -X PUT "https://api.box.com/2.0/files/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"name": "New name"
}'
Deletes a file, either permanently or by moving it to the trash.
The the enterprise settings determine whether the item will be permanently deleted from Box or moved to the trash.
curl -i -X DELETE "https://api.box.com/2.0/files/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Returns the contents of a file in binary format.
curl -i -L -X GET "https://api.box.com/2.0/files/12345/content" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
curl -i -L -X GET "https://api.box.com/2.0/files/12345/content?version=4" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
curl -i -X GET "https://api.box.com/2.0/files/12345/content?version=4" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Returns the contents of a file in binary format.
curl -i -L -X GET "https://api.box.com/2.0/files/12345/content" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "boxapi: shared_link=https://cloud.box.com/shared/static/gjasdasjhasd&shared_link_password=letmein" \
Update a file's content. For file sizes over 50MB we recommend using the Chunk Upload APIs.
curl -i -X POST "https://upload.box.com/api/2.0/files/12345/content" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: multipart/form-data" \
-F attributes='{"name":"Contract.pdf", "parent":{"id":"11446498"}}' \
-F file=@<FILE_NAME>
Performs a check to verify that a file will be accepted by Box before you upload the entire file.
curl -i -X OPTIONS "https://api.box.com/2.0/files/content" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{"name":"Contract.pdf", "parent":{"id":"11446498"}}'
curl -i -X OPTIONS "https://api.box.com/2.0/files/12345/content" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{"name":"Contract.pdf", "parent":{"id":"11446498"}}'
Uploads a small file to Box. For file sizes over 50MB we recommend using the Chunk Upload APIs.
curl -i -X POST "https://upload.box.com/api/2.0/files/content" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: multipart/form-data" \
-F attributes='{"name":"Contract.pdf", "parent":{"id":"11446498"}}' \
-F file=@<FILE_NAME>
Creates an upload session for a new file.
curl -i -X POST "https://upload.box.com/api/2.0/files/upload_sessions" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"folder_id": "0",
"file_size": 104857600,
"file_name": "Contract.pdf"
}'
Creates an upload session for an existing file.
curl -i -X POST "https://upload.box.com/api/2.0/files/12345/upload_sessions" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"file_size": 104857600
}'
Return information about an upload session.
curl -i -X GET "https://upload.box.com/2.0/files/upload_sessions/F971964745A5CD0C001BBE4E58196BFD" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates a chunk of an upload session for a file.
curl -i -X PUT "https://upload.box.com/2.0/files/upload_sessions/F971964745A5CD0C001BBE4E58196BFD" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "digest: sha=fpRyg5eVQletdZqEKaFlqwBXJzM=" \
-H "content-range: bytes 8388608-16777215/445856194" \
-H "content-type: application/octet-stream" \
--data-binary @<FILE_NAME>
Abort an upload session and discard all data uploaded.
This cannot be reversed.
curl -i -X DELETE "https://upload.box.com/2.0/files/upload_sessions/F971964745A5CD0C001BBE4E58196BFD" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Return a list of the chunks uploaded to the upload session so far.
curl -i -X GET "https://upload.box.com/2.0/files/upload_sessions/F971964745A5CD0C001BBE4E58196BFD/parts" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Close an upload session and create a file from the uploaded chunks.
curl -i -X POST "https://upload.box.com/2.0/files/upload_sessions/F971964745A5CD0C001BBE4E58196BFD/commit" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "digest: sha=fpRyg5eVQletdZqEKaFlqwBXJzM=" \
-H "content-type: application/json" \
-d '{
"parts": [
{
"part_id": "BFDF5379",
"offset": 0,
"size": 8388608,
"sha1": "134b65991ed521fcfe4724b7d814ab8ded5185dc"
},
{
"part_id": "E8A3ED8E",
"offset": 8388608,
"size": 1611392,
"sha1": "234b65934ed521fcfe3424b7d814ab8ded5185dc"
}
],
"attributes": {
"content_modified_at": "2017-04-08T00:58:08Z"
}
}'
Creates a copy of a file.
curl -i -X POST "https://api.box.com/2.0/files/12345/copy" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"parent": {
"id": "123"
}
}'
Retrieves a thumbnail, or smaller image representation, of a file.
Sizes of 32x32
,64x64
, 128x128
, and 256x256
can be returned in
the .png
format and sizes of 32x32
, 94x94
, 160x160
, and 320x320
can be returned in the .jpg
format.
Thumbnails can be generated for the image and video file formats listed [found on our community site](http://community.box.com/t5/Managing- Your-Content/What-file-types-are-supported-by-Box-s-Content-Preview/ ta-p/327).
curl -i -X GET "https://api.box.com/2.0/files/12345/thumbnail.png" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves a list of collaborations for a file. This returns all the users that have access to the file.
curl -i -X GET "https://api.box.com/2.0/files/12345/collaborations" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves a list of comments for a file.
curl -i -X GET "https://api.box.com/2.0/files/12345/comments" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves a list of all the tasks for a file. This endpoint does not support paging.
curl -i -X GET "https://api.box.com/2.0/files/12345/tasks" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves a file that has been moved to the trash.
curl -i -X GET "https://api.box.com/2.0/files/12345/trash" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Permanently deletes a file that is in the trash. This action cannot be undone.
curl -i -X DELETE "https://api.box.com/2.0/files/12345/trash" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieve information on all version of a file. This endpoint can be used to retrieve information about older versions of a file.
Versions are only tracked for Box users with premium accounts.
curl -i -X GET "https://api.box.com/2.0/files/12345/versions" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieve a specific older version of a file.
Versions are only tracked for Box users with premium accounts.
curl -i -X GET "https://api.box.com/2.0/files/12345/versions/456456" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Move a file version to the trash.
Versions are only tracked for Box users with premium accounts.
curl -i -X DELETE "https://api.box.com/2.0/files/12345/versions/456456" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Promote a specific version of a file.
If previous versions exist, this method can be used to promote one of the older versions to the top of the version history.
This actually creates a new copy of the old version and puts it at the top of the versions history. The file will have the exact same contents as the older version, with the the same SHA1/etag, and the same name as the original.
Other properties such as comments do not get updated to their former values. Don't use this endpoint to restore Box Notes, as it works with file formats such as PDF, DOC, PPTX or similar.
curl -i -X POST "https://api.box.com/2.0/files/12345/versions/current" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"type": "file_version",
"id": "456456"
}'
Restores a specific version of a file after it was deleted. Don't use this endpoint to restore Box Notes, as it works with file formats such as PDF, DOC, PPTX or similar.
curl -i -X POST "https://api.box.com/2.0/files/12345/versions/456456" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"trashed_at": null
}'
Retrieves all metadata for a given file.
curl -i -X GET "https://api.box.com/2.0/files/12345/metadata" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieve a specific metadata template instance for a file
curl -i -X GET "https://api.box.com/2.0/files/12345/metadata/enterprise_27335/blueprintTemplate" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a piece of metadata on a file based on the specified template.
Only values that are present in the metadata template will be accepted.
curl -i -X POST "https://api.box.com/2.0/files/12345/metadata/enterprise_27335/blueprintTemplate" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"audience": "internal",
"documentType": "Q1 plans",
"competitiveDocument": "no",
"status": "active",
"author": "Jones",
"currentState": "proposal"
}'
Updates a piece of metadata on a file.
The metadata instance can only be updated if the instance already exists. When editing metadata, only values that adhere to the metadata template schema will be accepted.
The update is applied atomically. If any errors occur during the application of the operations, the metadata instance remains unchanged.
curl -i -X PUT "https://api.box.com/2.0/files/12345/metadata/enterprise_27335/blueprintTemplate" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json-patch+json" \
-d '[
{
"op": "test",
"path": "/competitiveDocument",
"value": "no"
},
{
"op": "remove",
"path": "/competitiveDocument"
},
{
"op": "test",
"path": "/status",
"value": "active"
},
{
"op": "replace",
"path": "/status",
"value": "inactive"
},
{
"op": "test",
"path": "/author",
"value": "Jones"
},
{
"op": "copy",
"from": "/author",
"path": "/editor"
},
{
"op": "test",
"path": "/currentState",
"value": "proposal"
},
{
"op": "move",
"from": "/currentState",
"path": "/previousState"
},
{
"op": "add",
"path": "/currentState",
"value": "reviewed"
}
]'
Deletes a piece of file metadata.
curl -i -X DELETE "https://api.box.com/2.0/files/12345/metadata/enterprise_27335/blueprintTemplate" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieve the watermark for a file.
curl -i -X GET "https://api.box.com/2.0/files/12345/watermark" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Applies or update a watermark on a file.
curl -i -X PUT "https://api.box.com/2.0/files/12345/watermark" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"watermark": {
"imprint": "default"
}
}'
Removes the watermark from a file.
curl -i -X DELETE "https://api.box.com/2.0/files/12345/watermark" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves details for a folder, including the first 100 entries in the folder.
To fetch more items within the folder, please use the Get items in a folder endpoint.
curl -i -X GET "https://api.box.com/2.0/folders/4353455" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Restores a folder that has been moved to the trash.
curl -i -X POST "https://api.box.com/2.0/folders/4353455" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates a folder. This can be also be used to move the folder, create shared links, update collaborations, and more.
curl -i -X PUT "https://api.box.com/2.0/folders/4353455" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"name": "New folder name"
}'
curl -i -X PUT "https://api.box.com/2.0/folders/4353455" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"name": "New folder name",
"parent": {
"id": "123"
}
}'
curl -i -X PUT "https://api.box.com/2.0/folders/4353455" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"name": "New folder name",
"parent": {
"id": "123"
}
"owned_by": {
"id": "123456"
}
}'
curl -i -X PUT "https://api.box.com/2.0/folders/4353455" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"name": "New folder name"
}'
curl -i -X PUT "https://api.box.com/2.0/folders/4353455" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"owned_by": {
"id": "123"
}
}'
Deletes a folder, either permanently or by moving it to the trash.
curl -i -X DELETE "https://api.box.com/2.0/folders/4353455" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves a page of items in a folder. These items can be files, folders, and web links.
To request more information about the folder itself, like its size, please use the Get a folder endpoint instead.
curl -i -X GET "https://api.box.com/2.0/folders/0/items" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a new empty folder within the specified parent folder.
curl -i -X POST "https://api.box.com/2.0/folders" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"name": "New Folder",
"parent": {
"id": "0"
}
}'
Creates a copy of a folder within a destination folder.
The original folder will not be changed.
curl -i -X POST "https://api.box.com/2.0/folders/4353455/copy" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"parent": {
"id": "345345"
}
}'
Retrieves a list of collaborations for a folder. This returns all the users that have access to the folder.
curl -i -X GET "https://api.box.com/2.0/folders/4353455/collaborations" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves a folder that has been moved to the trash.
curl -i -X GET "https://api.box.com/2.0/folders/4353455/trash" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Permanently deletes a folder that is in the trash. This action cannot be undone.
curl -i -X DELETE "https://api.box.com/2.0/folders/4353455/trash" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves all metadata for a given folder.
curl -i -X GET "https://api.box.com/2.0/folders/4353455/metadata" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieve a specific metadata template instance for a folder
curl -i -X GET "https://api.box.com/2.0/folders/4353455/metadata/enterprise_27335/blueprintTemplate" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a piece of metadata on a folder based on the specified template.
Only values that are present in the metadata template will be accepted.
curl -i -X POST "https://api.box.com/2.0/folders/4353455/metadata/enterprise_27335/blueprintTemplate" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"audience": "internal",
"documentType": "Q1 plans",
"competitiveDocument": "no",
"status": "active",
"author": "Jones",
"currentState": "proposal"
}'
Updates a piece of metadata on a folder based.
The metadata instance can only be updated if the instance already exists. When editing metadata, only values that adhere to the metadata template schema will be accepted.
The update is applied atomically. If any errors occur during the application of the operations, the metadata instance remains unchanged.
curl -i -X PUT "https://api.box.com/2.0/folders/4353455/metadata/enterprise_27335/blueprintTemplate" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json-patch+json" \
-d '[
{
"op": "test",
"path": "/competitiveDocument",
"value": "no"
},
{
"op": "remove",
"path": "/competitiveDocument"
},
{
"op": "test",
"path": "/status",
"value": "active"
},
{
"op": "replace",
"path": "/status",
"value": "inactive"
},
{
"op": "test",
"path": "/author",
"value": "Jones"
},
{
"op": "copy",
"from": "/author",
"path": "/editor"
},
{
"op": "test",
"path": "/currentState",
"value": "proposal"
},
{
"op": "move",
"from": "/currentState",
"path": "/previousState"
},
{
"op": "add",
"path": "/currentState",
"value": "reviewed"
}
]'
Deletes a piece of folder metadata.
curl -i -X DELETE "https://api.box.com/2.0/folders/4353455/metadata/enterprise_27335/blueprintTemplate" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves the files and folders that have been moved to the trash.
Any attribute in the full files or folders objects can be passed
in with the fields
parameter to retrieve those specific
attributes that are not returned by default.
curl -i -X GET "https://api.box.com/2.0/folders/trash/items" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieve the watermark for a folder.
curl -i -X GET "https://api.box.com/2.0/folders/4353455/watermark" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Applies or update a watermark on a folder.
curl -i -X PUT "https://api.box.com/2.0/folders/4353455/watermark" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"watermark": {
"imprint": "default"
}
}'
Removes the watermark from a folder.
curl -i -X DELETE "https://api.box.com/2.0/folders/4353455/watermark" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieve locks applied to a folder.
curl -i -X GET "https://api.box.com/2.0/folder_locks?folder_id=33552487093" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a lock on a folder to prevent move and / or delete operations.
curl -i -X POST "https://api.box.com/2.0/folder_locks" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"folder": {
"type": "folder",
"id": "33552487093"
},
"locked_operations": {
"move": true,
"delete": true
}
}'
Deletes a lock on a folder.
curl -i -X DELETE "https://api.box.com/2.0/folder_locks/93134" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves a metadata template by its scope and template name.
curl -i -X GET "https://api.box.com/2.0/metadata_templates/enterprise/blueprintTemplate/schema" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates a metadata template.
The metadata template can only be updated if the template already exists.
The update is applied atomically. If any errors occur during the application of the operations, the metadata template remains unchanged.
curl -i -X PUT "https://api.box.com/2.0/metadata_templates/enterprise/blueprintTemplate/schema" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json-patch+json" \
-d '[
{
"op": "editField",
"fieldKey": "category",
"data": {
"displayName": "Customer Group"
}
}
]'
Delete a metadata template and its instances. This deletion is permanent and can not be reversed.
curl -i -X DELETE "https://api.box.com/2.0/metadata_templates/enterprise/blueprintTemplate/schema" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves a metadata template by its ID.
curl -i -X GET "https://api.box.com/2.0/metadata_templates/d9671692-3df6-11ea-b77f-2e728ce88125" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Used to retrieve all metadata templates within a user's enterprise
curl -i -X GET "https://api.box.com/2.0/metadata_templates/enterprise" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Used to retrieve all globally available metadata templates.
curl -i -X GET "https://api.box.com/2.0/metadata_templates/global" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a new metadata template that can be applied to files and folders.
curl -i -X POST "https://api.box.com/2.0/metadata_templates/schema" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"scope": "enterprise",
"displayName": "Customer",
"fields": [
{
"type": "string",
"key": "name",
"displayName": "Name",
"description": "The customer name",
"hidden": false
},
{
"type": "date",
"key": "last_contacted_at",
"displayName": "Last Contacted At",
"description": "When this customer was last contacted at",
"hidden": false
},
{
"type": "enum",
"key": "industry",
"displayName": "Industry",
"options": [
{"key": "Technology"},
{"key": "Healthcare"},
{"key": "Legal"}
]
},
{
"type": "multiSelect",
"key": "role",
"displayName": "Contact Role",
"options": [
{"key": "Developer"},
{"key": "Business Owner"},
{"key": "Marketing"},
{"key": "Legal"},
{"key": "Sales"}
]
}
]
}'
Retrieve a collection of metadata cascade policies within a given folder for the current enterprise.
curl -i -X GET "https://api.box.com/2.0/metadata_cascade_policies?folder_id=31232" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a new metadata cascade policy that applies a given metadata template to a given folder and automatically cascades it down to its children.
In order for the policy to work, a metadata instance must first be applied to the folder.
curl -i -X POST "https://api.box.com/2.0/metadata_cascade_policies" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"folder_id": "12321",
"scope": "enterprise_27335",
"templateKey": "productInfo"
}'
Retrieve a metadata cascade policy.
curl -i -X GET "https://api.box.com/2.0/metadata_cascade_policies/324324" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Deletes a metadata cascade policy.
curl -i -X DELETE "https://api.box.com/2.0/metadata_cascade_policies/324324" \
-H "authorization: Bearer <ACCESS_TOKEN>"
If a policy already exists on a folder, this will apply that policy to all existing files and sub-folders within the target folder.
curl -i -X POST "https://api.box.com/2.0/metadata_cascade_policies/21312/apply" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"conflict_resolution": "overwrite"
}'
curl -i -X POST "https://api.box.com/2.0/files/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"from": "enterprise_123456.contractTemplate",
"query": "amount >= :value",
"query_params": {
"value": 100
},
"fields": [
"created_at",
"metadata.enterprise_123456.contractTemplate.amount",
"metadata.enterprise_123456.contractTemplate.customerName"
],
"ancestor_folder_id": "5555",
"order_by": [
{
"field_key": "amount",
"direction": "asc"
}
],
"limit": 100
}'
curl -i -X GET "https://api.box.com/2.0/metadata_query_indices?scope=enterprise&template_key=properties" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves the message and metadata for a specific comment, as well as information on the user who created the comment.
curl -i -X GET "https://api.box.com/2.0/comments/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Update the message of a comment.
curl -i -X PUT "https://api.box.com/2.0/comments/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"message": "My New Message"
}'
Permanently deletes a comment.
curl -i -X DELETE "https://api.box.com/2.0/comments/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Adds a comment comment by the user to a specific file, or as a reply to an other comment.
curl -i -X POST "https://api.box.com/2.0/comments" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"message": "Review completed!",
"item": {
"type": "file",
"id": 426436
}
}'
curl -i -X POST "https://api.box.com/2.0/comments" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"message": "I agree with this.",
"item": {
"type": "comment",
"id": 345344
}
}
curl -i -X POST "https://api.box.com/2.0/comments" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"tagged_message": "What do you think @[1234:John]?",
"item": {
"type": "file",
"id": 123
}
}
curl -i -X POST "https://api.box.com/2.0/comments" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"message": " @[1234:John], I agree with this.",
"item": {
"type": "comment",
"id": 345344
}
}
Retrieves a single collaboration.
curl -i -X GET "https://api.box.com/2.0/collaborations/1234" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates a collaboration.
Can be used to change the owner of an item, or to accept collaboration invites.
curl -i -X PUT "https://api.box.com/2.0/collaborations/1234" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"role": "viewer"
}'
Deletes a single collaboration.
curl -i -X DELETE "https://api.box.com/2.0/collaborations/1234" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves all pending collaboration invites for this user.
curl -i -X GET "https://api.box.com/2.0/collaborations?status=pending" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Adds a collaboration for a single user or a single group to a file or folder.
Collaborations can be created using email address, user IDs, or a group IDs.
If a collaboration is being created with a group, access to this endpoint is dependent on the group's ability to be invited.
curl -i -X POST "https://api.box.com/2.0/collaborations" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"item": {
"type": "file",
"id": "11446498"
},
"accessible_by": {
"type": "user",
"login": "[email protected]"
},
"role": "editor"
}'
curl -i -X POST "https://api.box.com/2.0/collaborations" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"item": {
"type": "file",
"id": "11446498"
},
"accessible_by": {
"type": "group",
"id": "845344"
},
"role": "editor"
}'
Searches for items that are available to the user or an entire enterprise.
curl -i -X GET "https://api.box.com/2.0/search?query=sales" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a single task on a file.
curl -i -X POST "https://api.box.com/2.0/tasks" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"item": {
"id": "11446498",
"type": "file"
},
"action": "review"
}'
Fetches a specific task.
curl -i -X GET "https://api.box.com/2.0/tasks/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates a specific task.
curl -i -X PUT "https://api.box.com/2.0/tasks/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"action": "review"
}'
Deletes a specific task.
curl -i -X DELETE "https://api.box.com/2.0/tasks/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves all of the assignments for a given task.
curl -i -X GET "https://api.box.com/2.0/tasks/12345/assignments" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Assigns a task to a user.
Multiple assignments to different users are allowed per task.
curl -i -X POST "https://api.box.com/2.0/task_assignments" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"task": {
"id": "11446498",
"type": "task"
},
"assign_to": {
"id": "4823213"
}
}'
Fetches a specific task assignment.
curl -i -X GET "https://api.box.com/2.0/task_assignments/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates a task assignment. This endpoint can be used to update the state of a task.
curl -i -X PUT "https://api.box.com/2.0/task_assignments/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"message": "New message",
"resolution_state": "completed"
}'
Deletes a specific task assignment.
curl -i -X DELETE "https://api.box.com/2.0/task_assignments/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Return the file or folder represented by a shared link.
Shared items are any files or folders that are represented by a shared link, which can originate within the current enterprise or within another one.
This endpoint allows an application to retrieve information about a shared item when only given a shared link.
curl -i -X GET "https://api.box.com/2.0/shared_items" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "boxapi: shared_link=https://app.box.com/s/gjasdasjhasd&shared_link_password=letmein"
The syntax is the same regardless of wether the shared link is a file or a folder.
curl -i -X GET "https://api.box.com/2.0/shared_items" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "boxapi: shared_link=https://app.box.com/s/jsasdsd8sad24&shared_link_password=letmein"
Creates a web link object within a folder.
curl -i -X POST "https://api.box.com/2.0/web_links" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"name": "Cloud Content Management",
"url": "https://box.com",
"parent": {
"id": "0"
}
}'
Retrieve information about a web link.
curl -i -X GET "https://api.box.com/2.0/web_links/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Restores an web link that has been moved to the trash.
curl -i -X POST "https://api.box.com/2.0/web_links/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates a web link object.
curl -i -X PUT "https://api.box.com/2.0/web_links/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"name": "Cloud Content Management"
}'
Deletes a web link.
curl -i -X DELETE "https://api.box.com/2.0/web_links/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves a web link that has been moved to the trash.
curl -i -X GET "https://api.box.com/2.0/web_links/12345/trash" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Permanently deletes a web link that is in the trash. This action cannot be undone.
curl -i -X DELETE "https://api.box.com/2.0/web_links/12345/trash" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Returns a list of all users for the Enterprise along with their user_id, public_name, and login.
The application and the authenticated user need to have the permission to look up users in the entire enterprise.
curl -i -X GET "https://api.box.com/2.0/users" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a new managed user in an enterprise. This endpoint is only available to users and applications with the right admin permissions.
curl -i -X POST "https://api.box.com/2.0/users" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"login": "[email protected]",
"name": "Aaron Levie"
}'
Retrieves information about the user who is currently authenticated.
In the case of a 3-legged OAuth2, client-side authenticated application this will be the user who authorized the app.
In the case of a JWT, server-side authenticated application this will be the service account that belongs to the application by default.
Use the As-User
header to change who this API call is made on behalf of.
curl -i -X GET "https://api.box.com/2.0/users/me" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves information about a user in the enterprise.
The application and the authenticated user need to have the permission to look up users in the entire enterprise.
This endpoint also returns a limited set of information for external users who are collaborated on content owned by the enterprise for authenticated users with the right scopes. In this case, disallowed fields will return null instead.
curl -i -X GET "https://api.box.com/2.0/users/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates a managed user in an enterprise. This endpoint is only available to users and applications with the right admin permissions.
curl -i -X PUT "https://api.box.com/2.0/users/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"name": "Aaron Levie"
}'
Deletes a user. By default this will fail if the user
still owns any content. Move their owned content first
before proceeding, or use the force
field to delete
the user and their files.
curl -i -X DELETE "https://api.box.com/2.0/users/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves an image of a the user's avatar.
curl -i -X GET "https://api.box.com/2.0/users/12345/avatar" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Uploads or updates a user avatar.
curl -i -X -L POST "https://api.box.net/2.0/users/12345/avatar" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
--form 'pic=@"path/to/file/file.jpeg"'
Deletes a user avatar.
curl -i -X DELETE -L "https://api.box.net/2.0/users/12345/avatar" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Move all of the items owned by a user into a new folder in another user’s account.
Only the root folder (0
) can be transferred.
Folders can only be moved across users by users with administrative permissions.
This call will be performed synchronously which might lead to a slow response when the source user has a large number of items in all of its folders.
If the destination path has a metadata cascade policy attached to any of the parent folders, a metadata cascade operation will be kicked off asynchronously.
There is currently no way to check for when this operation is finished.
curl -i -X PUT "https://api.box.com/2.0/users/12345/folders/0" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"owned_by": {
"id": "1232234"
}
}'
Retrieves all email aliases for a user. The collection does not include the primary login for the user.
curl -i -X GET "https://api.box.com/2.0/users/12345/email_aliases" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Adds a new email alias to a user account.
curl -i -X POST "https://api.box.com/2.0/users/12345/email_aliases" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"email": "[email protected]"
}'
Removes an email alias from a user.
curl -i -X DELETE "https://api.box.com/2.0/users/12345/email_aliases/23432" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves all the groups for a user. The user making an API call must have admin permissions to inspect the enterprise's groups.
curl -i -X GET "https://api.box.com/2.0/users/12345/memberships" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Invites an existing external user to join an enterprise.
The existing user can not be part of another enterprise and must already have a Box account. Once invited, the user will receive an email and are prompted to accept the invitation within the Box web application.
This method requires the "Manage An Enterprise" scope enabled for the application, which can be enabled within the developer console.
curl -i -X POST "https://api.box.com/2.0/invites" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"enterprise": {
"id": "1232234"
},
"actionable_by": {
"login" : "[email protected]"
}
}'
Returns the status of a user invite.
curl -i -X GET "https://api.box.com/2.0/invites/213723" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves all of the groups for a given enterprise. The user must have admin permissions to inspect enterprise's groups.
curl -i -X GET "https://api.box.com/2.0/groups" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a new group of users in an enterprise. Only users with admin permissions can create new groups.
curl -i -X POST "https://api.box.com/2.0/groups" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"name": "Customer Support"
}'
Retrieves information about a group.
curl -i -X GET "https://api.box.com/2.0/groups/57645" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates a specific group.
curl -i -X PUT "https://api.box.com/2.0/groups/57645" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"name": "Customer Support"
}'
Permanently deletes a group.
curl -i -X DELETE "https://api.box.com/2.0/groups/57645" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves all the members for a group. The user must have admin permissions to inspect enterprise's groups.
curl -i -X GET "https://api.box.com/2.0/groups/57645/memberships" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves all the collaborations for a group. The user must have admin permissions to inspect enterprise's groups.
Each collaboration object has details on which files or folders the group has access to and with what role.
curl -i -X GET "https://api.box.com/2.0/groups/57645/collaborations" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a group membership
curl -i -X POST "https://api.box.com/2.0/group_memberships" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"user": {
"id": "1434325"
},
"group": {
"id": "4545523"
}
}'
Retrieves a specific group membership.
curl -i -X GET "https://api.box.com/2.0/group_memberships/434534" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates a user's group membership.
curl -i -X PUT "https://api.box.com/2.0/group_memberships/434534" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"role": "admin"
}'
Deletes a specific group membership.
curl -i -X DELETE "https://api.box.com/2.0/group_memberships/434534" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Returns all defined webhooks for the requesting application.
curl -i -X GET "https://api.box.com/2.0/webhooks" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a webhook.
curl -i -X POST "https://api.box.com/2.0/webhooks" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"target": {
"id": "21322",
"type": "file"
},
"address": "https://example.com/webhooks",
"triggers": [
"FILE.PREVIEWED"
]
}'
curl -i -X POST "https://api.box.com/2.0/webhooks" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"target": {
"id": "234234",
"type": "folder"
},
"address": "https://example.com/webhooks",
"triggers": [
"FILE.UPLOADED"
]
}'
Retrieves a specific webhook
curl -i -X GET "https://api.box.com/2.0/webhooks/3321123" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates a webhook.
curl -i -X PUT "https://api.box.com/2.0/webhooks/3321123" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"triggers": [
"FILE.DOWNLOADED"
]
}'
Deletes a webhook.
curl -i -X DELETE "https://api.box.com/2.0/webhooks/3321123" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates the status, usage and response metadata of a skill invocation.
curl -i -X PUT "https://api.box.com/2.0/skill_invocations/33243242" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"status": "success",
"metadata": {
"cards": [{
"type": "skill_card",
"skill_card_type": "keyword",
"skill_card_title": {
"code": "license-plates",
"message": "Licence Plates"
},
"skill": {
"type": "service"
"id": "license-plates-service"
},
"invocation": {
"type": "skill_invocation"
"id": "license-plates-service-123"
},
"entries": {
{ "text": "DD-26-YT" },
{ "text": "DN86 BOX" }
}
},{
"type": "skill_card",
"skill_card_type": "transcript",
"skill_card_title": {
"code": "video-transcription",
"message": "Video Transcription"
},
"skill": {
"type": "service"
"id": "video-transcription-service"
},
"invocation": {
"type": "skill_invocation"
"id": "video-transcription-service-123"
},
"duration": 1000,
"entries": {
{
"text": "Hi John, have I told you about Box recently?",
"appears": [{ "start": 0 }]
},
{
"text": "No Aaron, you have not. Tell me more!",
"appears": [{ "start": 5 }]
}
}
},{
"type": "skill_card",
"skill_card_type": "timeline",
"skill_card_title": {
"code": "face-detection",
"message": "Faces"
},
"skill": {
"type": "service"
"id": "face-detection-service"
},
"invocation": {
"type": "skill_invocation"
"id": "face-detection-service-123"
},
"duration": 1000,
"entries": {
{
"text": "John",
"appears": [{ "start": 0, "end": 5 }, { "start": 10, "end": 15 }],
"image_url": "https://example.com/john.png"
},
{
"text": "Aaron",
"appears": [{ "start": 5, "end": 10 }],
"image_url": "https://example.com/aaron.png"
}
}
},{
"type": "skill_card",
"skill_card_type": "status",
"skill_card_title": {
"code": "hold",
"message": "Please hold..."
},
"skill": {
"type": "service"
"id": "face-detection-service"
},
"invocation": {
"type": "skill_invocation"
"id": "face-detection-service-123"
},
"status": {
"code": "processing",
"message": "We are processing this file right now."
}
}],
},
"file": {
"id": "12345"
},
"usage": {
"unit": "file",
"value": 1
}
}'
curl -i -X PUT "https://api.box.com/2.0/files/12345/metadata/global/boxSkillsCards" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X POST "https://api.box.com/2.0/files/12345/metadata/global/boxSkillsCards" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"cards": [{
"type": "skill_card",
"skill_card_type": "keyword",
"skill_card_title": {
"code": "license-plates",
"message": "Licence Plates"
},
"skill": {
"type": "service"
"id": "license-plates-service"
},
"invocation": {
"type": "skill_invocation"
"id": "license-plates-service-123"
},
"entries": {
{ "text": "DD-26-YT" },
{ "text": "DN86 BOX" }
}
},{
"type": "skill_card",
"skill_card_type": "transcript",
"skill_card_title": {
"code": "video-transcription",
"message": "Video Transcription"
},
"skill": {
"type": "service"
"id": "video-transcription-service"
},
"invocation": {
"type": "skill_invocation"
"id": "video-transcription-service-123"
},
"duration": 1000,
"entries": {
{
"text": "Hi John, have I told you about Box recently?",
"appears": [{ "start": 0 }]
},
{
"text": "No Aaron, you have not. Tell me more!",
"appears": [{ "start": 5 }]
}
}
},{
"type": "skill_card",
"skill_card_type": "timeline",
"skill_card_title": {
"code": "face-detection",
"message": "Faces"
},
"skill": {
"type": "service"
"id": "face-detection-service"
},
"invocation": {
"type": "skill_invocation"
"id": "face-detection-service-123"
},
"duration": 1000,
"entries": {
{
"text": "John",
"appears": [{ "start": 0, "end": 5 }, { "start": 10, "end": 15 }],
"image_url": "https://example.com/john.png"
},
{
"text": "Aaron",
"appears": [{ "start": 5, "end": 10 }],
"image_url": "https://example.com/aaron.png"
}
}
},{
"type": "skill_card",
"skill_card_type": "status",
"skill_card_title": {
"code": "hold",
"message": "Please hold..."
},
"skill": {
"type": "service"
"id": "face-detection-service"
},
"invocation": {
"type": "skill_invocation"
"id": "face-detection-service-123"
},
"status": {
"code": "processing",
"message": "We are processing this file right now."
}
}],
}'
curl -i -X PUT "https://api.box.com/2.0/files/12345/metadata/global/boxSkillsCards" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json-patch+json" \
-d '[
"op": "replace",
"path": "/cards/0",
"value": {
"type": "skill_card",
"skill_card_type": "keyword",
"skill_card_title": {
"code": "license-plates",
"message": "Licence Plates"
},
"skill": {
"type": "service"
"id": "license-plates-service"
},
"invocation": {
"type": "skill_invocation"
"id": "license-plates-service-123"
},
"entries": {
{ "text": "DD-26-YT" },
{ "text": "DN86 BOX" }
}
}
]'
curl -i -X DELETE "https://api.box.com/2.0/files/12345/metadata/global/boxSkillsCards" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Returns a list of real-time servers that can be used for long-polling updates to the event stream.
Long polling is the concept where a HTTP request is kept open until the server sends a response, then repeating the process over and over to receive updated responses.
Long polling the event stream can only be used for user events, not for enterprise events.
To use long polling, first use this endpoint to retrieve a list of long poll URLs. Next, make a long poll request to any of the provided URLs.
When an event occurs in monitored account a response with the value
new_change
will be sent. The response contains no other details as
it simply serves as a prompt to take further action such as sending a
request to the events endpoint with the last known
stream_position
.
After the server sends this response it closes the connection. You must now repeat the long poll process to begin listening for events again.
If no events occur for a while and the connection times out you will
receive a response with the value reconnect
. When you receive this response
you’ll make another call to this endpoint to restart the process.
If you receive no events in retry_timeout
seconds then you will need to
make another request to the real-time server (one of the URLs in the response
for this endpoint). This might be necessary due to network errors.
Finally, if you receive a max_retries
error when making a request to the
real-time server, you should start over by making a call to this endpoint
first.
curl -i -X OPTIONS "https://api.box.com/2.0/events" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Returns up to a year of past events for a given user or for the entire enterprise.
By default this returns events for the authenticated user. To retrieve
events for the entire enterprise, set the stream_type
to admin_logs
(historical - 1 year) or admin_logs_streaming
(live - two weeks). The user
making the API call will need to have admin privileges, and the application will
need to have the permission to access the event feed to get the enterprise event
feed.
curl -i -X GET "https://api.box.com/2.0/events" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X GET "https://api.box.com/2.0/events?stream_type=admin_logs" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X GET "https://api.box.com/2.0/events?stream_type=admin_logs&event_type=LOGIN,FAILED_LOGIN" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X GET "https://api.box.com/2.0/events?stream_type=admin_logs_streaming" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X GET "https://api.box.com/2.0/events?stream_type=admin_logs_streaming&event_type=LOGIN,FAILED_LOGIN" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves all collections for a given user.
Currently, only the favorites
collection
is supported.
curl -i -X GET "https://api.box.com/2.0/collections" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves the files and/or folders contained within this collection.
curl -i -X GET "https://api.box.com/2.0/collections/926489/items" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X PUT "https://api.box.com/2.0/files/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"collections": [
{
"id": "123"
}
]
}'
curl -i -X PUT "https://api.box.com/2.0/folders/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"collections": [
{
"id": "123"
}
]
}'
curl -i -X PUT "https://api.box.com/2.0/web_links/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"collections": [
{
"id": "123"
}
]
}'
curl -i -X PUT "https://api.box.com/2.0/files/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"collections": []
}'
curl -i -X PUT "https://api.box.com/2.0/folders/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"collections": []
}'
curl -i -X PUT "https://api.box.com/2.0/web_links/12345" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"collections": []
}'
Returns information about the recent items accessed by a user, either in the last 90 days or up to the last 1000 items accessed.
curl -i -X GET "https://api.box.com/2.0/recent_items" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves all of the retention policies for an enterprise.
curl -i -X GET "https://api.box.com/2.0/retention_policies" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a retention policy.
curl -i -X POST "https://api.box.com/2.0/retention_policies" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"policy_name": "Some Policy Name",
"policy_type": "finite",
"retention_length": 365,
"disposition_action": "permanently_delete"
}'
Retrieves a retention policy.
curl -i -X GET "https://api.box.com/2.0/retention_policies/982312" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates a retention policy.
curl -i -X PUT "https://api.box.com/2.0/retention_policies/982312" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"disposition_action": "permanently_delete"
}'
Returns a list of all retention policy assignments associated with a specified retention policy.
curl -i -X GET "https://api.box.com/2.0/retention_policies/982312/assignments" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Assigns a retention policy to an item.
curl -i -X POST "https://api.box.com/2.0/retention_policy_assignments" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"policy_id": "173463",
"assign_to": {
"type": "folder",
"id": "6564564"
}
}'
Retrieves a retention policy assignment
curl -i -X GET "https://api.box.com/2.0/retention_policy_assignments/1233123" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves a list of legal hold policies that belong to an enterprise.
curl -i -X GET "https://api.box.com/2.0/legal_hold_policies" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Create a new legal hold policy.
curl -i -X POST "https://api.box.com/2.0/legal_hold_policies" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"policy_name": "Policy 3",
"description": "Automatic created policy"
}'
Retrieve a legal hold policy.
curl -i -X GET "https://api.box.com/2.0/legal_hold_policies/324432" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Update legal hold policy.
curl -i -X PUT "https://api.box.com/2.0/legal_hold_policies/324432" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"policy_name": "Policy 4"
}'
Delete an existing legal hold policy.
This is an asynchronous process. The policy will not be fully deleted yet when the response returns.
curl -i -X DELETE "https://api.box.com/2.0/legal_hold_policies/324432" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves a list of items a legal hold policy has been assigned to.
curl -i -X GET "https://api.box.com/2.0/legal_hold_policy_assignments?policy_id=324432" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Assign a legal hold to a file, file version, folder, or user.
curl -i -X POST "https://api.box.com/2.0/legal_hold_policy_assignments" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"policy_id": "123244",
"assign_to": {
"type": "folder",
"id": "6564564"
}
}'
Retrieve a legal hold policy assignment.
curl -i -X GET "https://api.box.com/2.0/legal_hold_policy_assignments/753465" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Remove a legal hold from an item.
This is an asynchronous process. The policy will not be fully removed yet when the response returns.
curl -i -X DELETE "https://api.box.com/2.0/legal_hold_policy_assignments/753465" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Returns information about a file version retention.
curl -i -X GET "https://api.box.com/2.0/file_version_retentions/3424234" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves all file version retentions for the given enterprise.
curl -i -X GET "https://api.box.com/2.0/file_version_retentions" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves all files for the given retention policy id.
curl -i -X GET "https://app.box.com/api/2.0/retention_policy_assignments/3424234/files_under_retention" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves all file versions for the given retention policy id.
curl -i -X GET "https://app.box.com/api/2.0/retention_policy_assignments/3424234/file_versions_under_retention" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves information about the legal hold policies assigned to a file version.
curl -i -X GET "https://api.box.com/2.0/file_version_legal_holds/2348213" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Get list of non-deleted legal holds for a single legal hold policy.
curl -i -X GET "https://api.box.com/2.0/file_version_legal_holds?policy_id=133870" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves information about an individual device pin.
curl -i -X GET "https://api.box.com/2.0/device_pinners/2324234" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Deletes an individual device pin.
curl -i -X DELETE "https://api.box.com/2.0/device_pinners/2324234" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Retrieves all the device pins within an enterprise.
The user must have admin privileges, and the application needs the "manage enterprise" scope to make this call.
curl -i -X GET "https://api.box.com/2.0/enterprises/3442311/device_pinners" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Returns the current terms of service text and settings for the enterprise.
curl -i -X GET "https://api.box.com/2.0/terms_of_services" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a terms of service for a given enterprise and type of user.
curl -i -X POST "https://api.box.com/2.0/terms_of_services" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"status": "enabled",
"text": "By collaborating on this file you are accepting..."
}'
Fetches a specific terms of service.
curl -i -X GET "https://api.box.com/2.0/terms_of_services/324234" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates a specific terms of service.
curl -i -X PUT "https://api.box.com/2.0/terms_of_services/324234" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"status": "enabled",
"text": "By collaborating on this file you are accepting..."
}'
Retrieves an overview of users and their status for a terms of service, including Whether they have accepted the terms and when.
curl -i -X GET "https://api.box.com/2.0/terms_of_service_user_statuses?tos_id=324234" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Sets the status for a terms of service for a user.
curl -i -X POST "https://api.box.com/2.0/terms_of_service_user_statuses" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"tos": {
"type": "terms_of_service",
"id": "1232132"
},
"user": {
"type": "user",
"id": "3423423"
},
"is_accepted": true
}'
Updates the status for a terms of service for a user.
curl -i -X PUT "https://api.box.com/2.0/terms_of_service_user_statuses/324234" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"is_accepted": true
}'
Returns the list of whitelist entries which specify what domains can collaborate with the current enterprise.
curl -i -X GET "https://api.box.com/2.0/collaboration_whitelist_entries" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a collaboration whitelist entry, specifying a domain and direction to allow collaboration for.
curl -i -X POST "https://api.box.com/2.0/collaboration_whitelist_entries" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"domain": "example.com",
"direction": "inboud"
}'
Returns a specific collaboration whitelist entry.
curl -i -X GET "https://api.box.com/2.0/collaboration_whitelist_entries/213123" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Deletes a specific collaboration whitelist entry.
curl -i -X DELETE "https://api.box.com/2.0/collaboration_whitelist_entries/213123" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Returns a list of users who have been exempt from the collaboration whitelist.
curl -i -X GET "https://api.box.com/2.0/collaboration_whitelist_exempt_targets" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a collaboration whitelist entry exemption, specifying a user that is exempted from the whitelist.
curl -i -X POST "https://api.box.com/2.0/collaboration_whitelist_exempt_targets" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"user": {
"id": "23522323"
}
}'
Returns a users who has been exempt from the collaboration whitelist.
curl -i -X GET "https://api.box.com/2.0/collaboration_whitelist_exempt_targets/984923" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Deletes a specific collaboration whitelist exemption.
curl -i -X DELETE "https://api.box.com/2.0/collaboration_whitelist_exempt_targets/984923" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Fetches all the storage policies in the enterprise.
curl -i -X GET "https://api.box.com/2.0/storage_policies" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Fetches a specific storage policy.
curl -i -X GET "https://api.box.com/2.0/storage_policies/34342" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Fetches all the storage policy assignment for an enterprise or user.
curl -i -X GET "https://api.box.com/2.0/storage_policy_assignments?resolved_for_type=userresolved_for_id=984322" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Creates a storage policy assignment for an enterprise or user.
curl -i -X POST "https://api.box.com/2.0/storage_policy_assignments" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"storage_policy": {
"type": "storage_policy",
"id": "1434325"
},
"assigned_to": {
"type": "user",
"id": "9987987"
}
}'
Fetches a specific storage policy assignment.
curl -i -X GET "https://api.box.com/2.0/storage_policy_assignments/932483" \
-H "authorization: Bearer <ACCESS_TOKEN>"
Updates a specific storage policy assignment.
curl -i -X PUT "https://api.box.com/2.0/storage_policy_assignments/932483" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"storage_policy": {
"type": "storage_policy",
"id": "1434325"
}
}'
Delete a storage policy assignment.
Deleting a storage policy assignment on a user will have the user inherit the enterprise's default storage policy.
There is a rate limit for calling this endpoint of only twice per user in a 24 hour period.
curl -i -X DELETE "https://api.box.com/2.0/storage_policy_assignments/932483" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"items": {
"type": "storage_policy",
"id": "1434325"
}
}'
curl -i -X POST "https://api.box.com/2.0/zip_downloads" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"download_file_name": "January Financials",
"items": [
{
"type": "file",
"id": "12345"
},
{
"type": "file",
"id": "34325"
},
{
"type": "folder",
"id": "45678"
}
]
}'
curl -i -X GET "https://api.box.com/2.0/zip_downloads/29l00nfxDyHOt7RphI9zT_w==nDnZEDjY2S8iEWWCHEEiptFxwoWojjlibZjJ6geuE5xnXENDTPxzgbks_yY=/status" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -L GET "https://dl.boxcloud.com/2.0/zip_downloads/29l00nfxDyHOt7RphI9zT_w==nDnZEDjY2S8iEWWCHEEiptFxwoWojjlibZjJ6geuE5xnXENDTPxzgbks_yY=/content" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-o sample_curl.zip
curl -i -X GET "https://api.box.com/2.0/metadata_templates/enterprise/securityClassification-6VMVochwUWo/schema" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X POST "https://api.box.com/2.0/metadata_templates/schema" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"templateKey": "securityClassification-6VMVochwUWo",
"scope": "enterprise",
"displayName": "Classification",
"hidden": false,
"copyInstanceOnItemCopy": true,
"fields": [
{
"type": "enum",
"key": "Box__Security__Classification__Key",
"displayName": "Classification",
"hidden": false,
"options": [
{
"key": "Classified",
"staticConfig": {
"classification": {
"colorID": 7,
"classificationDefinition": "Top Seret"
}
}
}
]
}
]
}'
curl -i -X PUT "https://api.box.com/2.0/metadata_templates/enterprise/securityClassification-6VMVochwUWo/schema" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json-patch+json" \
-d '[{
"op": "addEnumOption",
"fieldKey": "Box__Security__Classification__Key",
"data": {
"key": "Sensitive",
"staticConfig":{
"classification": {
"classificationDefinition": "Sensitive information that must not be shared.",
"colorID": 4
}
}
}
}]'
curl -i -X PUT "https://api.box.com/2.0/metadata_templates/enterprise/securityClassification-6VMVochwUWo/schema" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json-patch+json" \
-d '[{
"op": "editEnumOption",
"fieldKey": "Box__Security__Classification__Key",
"enumOptionKey": "Sensitive",
"data": {
"key": "Very Sensitive",
"staticConfig": {
"classification": {
"classificationDefinition": "Sensitive information that must not be shared.",
"colorID": 4
}
}
}
}]'
curl -i -X PUT "https://api.box.com/2.0/metadata_templates/enterprise/securityClassification-6VMVochwUWo/schema" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json-patch+json" \
-d '[{
"op": "removeEnumOption",
"fieldKey": "Box__Security__Classification__Key",
"enumOptionKey": "Sensitive"
}]'
curl -i -X DELETE "https://api.box.com/2.0/metadata_templates/enterprise/securityClassification-6VMVochwUWo/schema" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X GET "https://api.box.com/2.0/files/12345/metadata/enterprise/securityClassification-6VMVochwUWo" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X POST "https://api.box.com/2.0/files/12345/metadata/enterprise/securityClassification-6VMVochwUWo" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"Box__Security__Classification__Key": "Sensitive"
}'
curl -i -X PUT "https://api.box.com/2.0/files/12345/metadata/enterprise/securityClassification-6VMVochwUWo" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json-patch+json" \
-d '[{
"op": "replace",
"path": "/Box__Security__Classification__Key",
"value": "Internal"
}]'
curl -i -X DELETE "https://api.box.com/2.0/files/12345/metadata/enterprise/securityClassification-6VMVochwUWo" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X GET "https://api.box.com/2.0/folders/12345/metadata/enterprise/securityClassification-6VMVochwUWo" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X POST "https://api.box.com/2.0/folders/12345/metadata/enterprise/securityClassification-6VMVochwUWo" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-d '{
"Box__Security__Classification__Key": "Sensitive"
}'
curl -i -X PUT "https://api.box.com/2.0/folders/12345/metadata/enterprise/securityClassification-6VMVochwUWo" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json-patch+json" \
-d '[{
"op": "replace",
"path": "/Box__Security__Classification__Key",
"value": "Internal"
}]'
curl -i -X DELETE "https://api.box.com/2.0/folders/12345/metadata/enterprise/securityClassification-6VMVochwUWo" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X POST "https://api.box.com/2.0/file_requests/42037322/copy" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"title": "Please upload required documents",
"description": "Please upload required documents",
"status": "active",
"is_email_required": true,
"is_description_required": false,
"folder": {
"id": "2233212",
"type": "folder"
}
}'
curl -i -X PUT "https://api.box.com/2.0/file_requests/42037322" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"title": "Please upload required documents",
"description": "Please upload required documents",
"status": "active",
"is_email_required": true,
"is_description_required": false
}'
curl -i -X GET "https://api.box.com/2.0/file_requests/42037322" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X DELETE "https://api.box.com/2.0/file_requests/42037322" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X GET "https://api.box.com/2.0/files/32423234?fields=shared_link" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X PUT "https://api.box.com/2.0/files/32423234?fields=shared_link" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"shared_link": {
"access": "open",
"password": "mypassword",
"unshared_at": "2012-12-12T10:53:43-08:00",
"permissions": {
"can_download": false
}
}
}'
curl -i -X PUT "https://api.box.com/2.0/files/32423234?fields=shared_link" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"shared_link": {
"access": "open",
"password": "mypassword",
"unshared_at": "2012-12-12T10:53:43-08:00",
"permissions": {
"can_download": false
}
}
}'
curl -i -X PUT "https://api.box.com/2.0/files/32423234?fields=shared_link" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"shared_link": null
}'
curl -i -X GET "https://api.box.com/2.0/folders/32423234?fields=shared_link" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X PUT "https://api.box.com/2.0/folders/32423234?fields=shared_link" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"shared_link": {
"access": "open",
"password": "mypassword",
"unshared_at": "2012-12-12T10:53:43-08:00",
"permissions": {
"can_download": false
}
}
}'
curl -i -X PUT "https://api.box.com/2.0/folders/32423234?fields=shared_link" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"shared_link": {
"access": "open",
"password": "mypassword",
"unshared_at": "2012-12-12T10:53:43-08:00",
"permissions": {
"can_download": false
}
}
}'
curl -i -X PUT "https://api.box.com/2.0/folders/32423234?fields=shared_link" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"shared_link": null
}'
curl -i -X GET "https://api.box.com/2.0/web_links/32423234?fields=shared_link" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X PUT "https://api.box.com/2.0/web_links/32423234?fields=shared_link" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"shared_link": {
"access": "open",
"password": "mypassword",
"unshared_at": "2012-12-12T10:53:43-08:00",
"permissions": {
"can_download": false
}
}
}'
curl -i -X PUT "https://api.box.com/2.0/web_links/32423234?fields=shared_link" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"shared_link": {
"access": "open",
"password": "mypassword",
"unshared_at": "2012-12-12T10:53:43-08:00",
"permissions": {
"can_download": false
}
}
}'
curl -i -X PUT "https://api.box.com/2.0/web_links/32423234?fields=shared_link" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"shared_link": null
}'
curl -i -X GET "https://api.box.com/2.0/workflows?folder_id=324234" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X POST "https://api.box.com/2.0/workflows/42037322/start" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"type": "workflow_parameters",
"flow": {
"id": "8937625",
"type": "flow"
},
"files": [{
"type": "file",
"id": "389047572"
},
{
"type": "file",
"id": "389047578"
}],
"folder": {
"id": "2233212",
"type": "folder"
},
"outcomes": [
{
"id": "34895783",
"type": "outcome",
"task_collaborators": {
"type": "variable",
"variable_type": "user_list",
"variable_value": [{ "type": "user", "id": "890273642" }]
},
"completion_rule": {
"type": "variable",
"variable_type": "task_completion_rule",
"variable_value": "all_assignees"
},
"file_collaborator_role": {
"type": "variable",
"variable_type": "collaborator_role",
"variable_value": "viewer"
}
}
]
}'
curl -i -X POST "https://api.box.com/2.0/sign_requests" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"signers": [
{
"role": "signer",
"email": "[email protected]"
}
],
"source_files": [
{
"type": "file",
"id": "123456789"
}
],
"parent_folder":
{
"type": "folder",
"id": "0987654321"
}
}'
curl -i -X GET "https://api.box.com/2.0/sign_requests" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X GET "https://api.box.com/2.0/sign_requests/<SIGN_REQUEST_ID>" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X POST "https://api.box.com/2.0/sign_requests/<SIGN_REQUEST_ID>/cancel" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X POST "https://api.box.com/2.0/sign_requests/<SIGN_REQUEST_ID>/resend" \
-H "authorization: Bearer <ACCESS_TOKEN>"
curl -i -X POST "https://api.box.com/2.0/users/terminate_sessions" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-H "accept: application/json" \
-d
{
user_ids: ["6178859178", "4824866571"]
user_logins: ["[email protected]", "[email protected]",]
}
curl -i -X POST "https://api.box.com/2.0/groups/terminate_sessions" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H "content-type: application/json" \
-H "accept: application/json" \
-d
{
"group_ids": ["6178859178", "4824866571"],
}
curl -X -L GET "https://api.box.com/2.0/integration_mappings/slack?partner_item_id=C987654321&box_item_id=123456789" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
curl -X -L POST "https://api.box.com/2.0/integration_mappings/slack" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H 'content-type: application/json' \
-d '{
"partner_item": {
"id": "C987654321",
"type": "channel",
"slack_workspace_id": "T5555555"
},
"box_item": {
"id": "123456789",
"type": "folder"
}
}'
curl -X -L PUT "https://api.box.com/2.0/integration_mappings/slack/512521" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-H 'content-type: application/json' \
-d'{
"options": {
"is_access_management_disabled": true
}
}'
curl -X -L DELETE "https://api.box.com/2.0/integration_mappings/slack/512521" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
-d ''
curl -L -X GET "https://api.box.com/2.0/sign_templates/12345678" \
-H "accept: application/json" \
-H "authorization: Bearer <ACCESS_TOKEN>" \
curl -L -X GET "https://api.box.com/2.0/sign_templates?marker=JV9IRGZmieiBasejOG9yDCRNgd2ymoZIbjsxbJMjIs3kioVii&limit=1000" \
-H "authorization: Bearer <ACCESS_TOKEN>" \