I am using the As-User header to simulate a subset of users on Box.com as the service account so I can access each one of their files.
So I go:
res.setRequestInterceptor((RequestInterceptor) request -> {
request.addHeader("As-User", asUser);
// Returning null means the request will be sent along with our new header.
return null;
});
Where asUser is a user ID which is always something like 7352356
Now when I go new BoxFolder(apiConnection, "0"); I am expecting the root of asUser's files.
But I get
com.box.sdk.BoxAPIException: The API returned an error code: 401
at com.box.sdk.BoxAPIResponse.<init>(BoxAPIResponse.java:70) ~[box-java-sdk-2.1.1.jar:?]
at com.box.sdk.BoxJSONResponse.<init>(BoxJSONResponse.java:30) ~[box-java-sdk-2.1.1.jar:?]
at com.box.sdk.BoxAPIRequest.trySend(BoxAPIRequest.java:423) ~[box-java-sdk-2.1.1.jar:?]
at com.box.sdk.BoxAPIRequest.send(BoxAPIRequest.java:209) ~[box-java-sdk-2.1.1.jar:?]
at com.box.sdk.BoxAPIRequest.send(BoxAPIRequest.java:184) ~[box-java-sdk-2.1.1.jar:?]
at com.box.sdk.BoxFolder.getInfo(BoxFolder.java:161) ~[box-java-sdk-2.1.1.jar:?]
at com.box.sdk.BoxFolder.getInfo(BoxFolder.java:23) ~[box-java-sdk-2.1.1.jar:?]
I must be missing a step yes? From this link I think I am: Using As-User in Box Request
ok see https://docs.box.com/reference#as-user-1
To enable this functionality for applications using OAuth2, please file a support ticket with your API key. To enable this functionality for applications using OAuth2 with JWT, please navigate to the Advanced Features section in the developer console and enable the "Perform actions on behalf of users" permission.
So I'm guessing our box admin just forgot to check the box.
UPDATE:
Looks like you have to regenerate the api key after changing the permissions. If you don't do that, the new permissions will not take effect. So if you are getting this issue where you are getting a 401 error when accessing box... go back into the box admin console, make sure the permissions are correct, delete the old api key, create a new one, then try again.