I am updating a user management script which we execute when someone leaves our company.
The app is aligned with a Co-Admin account and has all the various Enterprise scopes enabled (except for "Manage webhooks v2"). The "Read and write all files and folders stored in Box" scope is also checked.
Oh, I am using the Python SDK.
Basically, the process works as follows:
First, we move the separating user's '0' (top-level) folder to another account. This is kind of a custom function where we call /users//folders/0 via PUT with a JSON parameter of owned_by: <new_user_id>
Next we want to move that folder underneath a sub-folder of <new_user_id>. The code looks something like the following:
client.folder(folder_id=folder_to_move_id).as_user(new_user_id_obj_from_step_1).move(client.folder(folder_id=new_parent_folder_id))
However, this results in the following error:
boxsdk.exception.BoxAPIException:
Message: None
Status: 403
Code: None
Request id: None
Headers: {'Content-Length': '0', 'Age': '0', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'Server': 'ATS', 'Connection': 'keep-alive', 'Date': 'Fri, 07 Apr 2017 22:52:43 GMT', 'WWW-Authenticate': 'Bearer realm="Service", error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."'}
URL: https://api.box.com/2.0/folders/23596411401
Method: PUT
Context info: None
Searching around for this "insufficient_scope" error makes me think my access token needs to have requested some different scope, but (a) I'm not clear which one and (b) I'm not sure how to change scope mid-script. Maybe I should be approaching this a different way?
Thanks for any feedback.
Got the answer for this on the Box forums. Looks like we need to request that the GCM scope be enabled for our app and this must be done via Support.
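In the 403 quoted above, Message and Code are both None, so the WWW-Authenticate header is the only field that carries the reason. The following added example (not code from the original post or from the Box SDK) parses that Bearer challenge so an offboarding script can separate a token-scope failure from other errors. The function names and return labels are hypothetical, and the sample header is copied from the error above.

```python
import re

# Constructed sample: headers taken from the 403 response quoted in the post.
SAMPLE_HEADERS = {
    "Content-Length": "0",
    "WWW-Authenticate": 'Bearer realm="Service", error="insufficient_scope", '
                        'error_description="The request requires higher privileges '
                        'than provided by the access token."',
}

# One auth-param: name = "quoted-string" or name = token (RFC 6750 challenge syntax).
_PARAM = re.compile(r'([A-Za-z_][\w-]*)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')


def parse_bearer_challenge(value):
    """Parse a Bearer challenge into a dict; None if absent or another scheme."""
    if not value:
        return None
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    params = {}
    for name, quoted, token in _PARAM.findall(rest):
        # Quoted values may contain backslash escapes (\" and \\); undo them.
        params[name.lower()] = token if token else re.sub(r"\\(.)", r"\1", quoted)
    return params


def classify_auth_failure(status, headers):
    """Label a failed call using the status code and the Bearer challenge."""
    lookup = {k.lower(): v for k, v in (headers or {}).items()}
    challenge = parse_bearer_challenge(lookup.get("www-authenticate")) or {}
    error = challenge.get("error")
    if status == 403 and error == "insufficient_scope":
        return "token-scope"    # the access token lacks a required scope
    if status == 401 and error == "invalid_token":
        return "token-invalid"  # expired, revoked or malformed token
    return "other"              # e.g. a 403 with no Bearer challenge
```

With the Python SDK, the status and headers would come from the caught BoxAPIException, whose printed form above shows both fields.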