Box 2.0 API download call not showing download link to dl.boxcloud.com in POSTMAN or cURL

Question

I am trying to download an image file via the BOX API via POSTMAN. The file id is 6917417032

My code is: https://api.box.com/2.0/files/6917417032/content I have specified the Authorization code in the header

The documentation states: Returns If the file is available to be downloaded, the response will be a 302 Found to a URL at dl.boxcloud.com. Clients will need to follow the redirect in order to actually download the file. The raw data of the file is returned unless the file ID is invalid or the user does not have access to it.

My response in POSTMAN is a "200, OK" There is no 302 to dl.boxcloud.com. POSTMAN also previews a blank thumbnail. If I perform the same operation on a word document, POSTMAN displays the next from the document. What I was expecting was a file download dialog box, or the url described in the previous paragraph.

Note, the curl example code and response also differs from the paragraph describing the return:

METHOD

GET /files/{file id}/content

EXAMPLE REQUEST

curl -L https://api.box.com/2.0/files/FILE_ID/content **strong text** -H "Authorization: Bearer ACCESS_TOKEN"

EXAMPLE RESPONSE Raw text of a text file I just downloaded (So a successful download)

seanrose seanrose · Accepted Answer · 2013-03-17T20:51:03

There are two things obfuscating what's going on here:

POSTMAN follows redirects on GET requests but doesn't provide information on the request history (e.g. if I say GET URL1 and am redirected to GET URL2, it just tells me about my original GET URL1, even though it provides the results of GET URL2)
The cURL example in the documentation contains a -L flag which tells cURL to follow redirect. cURL isn't known for providing any information outside of what's explicitly asked for, and this is another case of that.

If you want to see what's actually going on, you can put cURL in verbose mode by adding the 'v flag and see everything that happens, e.g.:

curl -v -L https://api.box.com/2.0/files/FILE_ID/content -H "Authorization: Bearer TOKEN"

* About to connect() to api.box.com port 443 (#0)
*   Trying 74.112.184.225...
* connected
* Connected to api.box.com (74.112.184.225) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
*    subject: serialNumber=ts5jamwzcjWP0oTyh2m74yh0zsB2zyOR; C=US; ST=California; L=Palo Alto; O=Box.net, Inc.; CN=*.box.com
*    start date: 2011-09-27 22:07:27 GMT
*    expire date: 2013-09-29 11:02:11 GMT
*    subjectAltName: api.box.com matched
*    issuer: C=US; O=GeoTrust, Inc.; CN=GeoTrust SSL CA
*    SSL certificate verify ok.
> GET /2.0/files/5620199214/content HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: api.box.com
> Accept: */*
> Authorization: Bearer TOKEN
> 
< HTTP/1.1 302 Found
< Server: nginx
< Date: Sun, 17 Mar 2013 20:48:40 GMT
< Content-Type: text/html; charset=utf-8
< Connection: keep-alive
< Cache-control: no-cache, no-store
< Location: https://www.boxcloud.com/bc/1/b4c1b5e872bf843d3ded7bcae5f4f175/2Of-pgQHiFlfW6KldVyHAxtUIEW0l7HoOpi14-VGcxcSnn2CtobCO1UjJZLI58w_oCTNcPMKbUR_gn-ncDkAbw,,/f9a04d69f716d92ceebd848bb9ccded8/
< Content-Length: 0
< 
* Connection #0 to host api.box.com left intact
* Issue another request to this URL: 'https://www.boxcloud.com/bc/1/b4c1b5e872bf843d3ded7bcae5f4f175/2Of-pgQHiFlfW6KldVyHAxtUIEW0l7HoOpi14-VGcxcSnn2CtobCO1UjJZLI58w_oCTNcPMKbUR_gn-ncDkAbw,,/f9a04d69f716d92ceebd848bb9ccded8/'
* About to connect() to www.boxcloud.com port 443 (#1)
*   Trying 74.112.184.74...
* connected
* Connected to www.boxcloud.com (74.112.184.74) port 443 (#1)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
*    subject: serialNumber=o2MxwjKDoF9mEZ3YNhBMR/WISRBUXT6b; C=US; ST=California; L=Palo Alto; O=Box, Inc.; CN=*.boxcloud.com
*    start date: 2012-02-27 00:10:39 GMT
*    expire date: 2014-03-01 01:48:45 GMT
*    subjectAltName: www.boxcloud.com matched
*    issuer: C=US; O=GeoTrust, Inc.; CN=GeoTrust SSL CA
*    SSL certificate verify ok.
> GET /bc/1/b4c1b5e872bf843d3ded7bcae5f4f175/2Of-pgQHiFlfW6KldVyHAxtUIEW0l7HoOpi14-VGcxcSnn2CtobCO1UjJZLI58w_oCTNcPMKbUR_gn-ncDkAbw,,/f9a04d69f716d92ceebd848bb9ccded8/ HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: www.boxcloud.com
> Accept: */*
> Authorization: Bearer TOKEN
> 
< HTTP/1.1 200 OK
< Server: nginx
< Date: Sun, 17 Mar 2013 20:48:41 GMT
< Content-Type: image/png
< Content-Length: 15039
< Connection: keep-alive
< Cache-control: private
< Accept-Ranges: bytes
< Content-Disposition: attachment;filename="Screenshot_1_14_13_5_33_PM.png";filename*=UTF-8''Screenshot_1_14_13_5_33_PM.png
< X-Content-Type-Options: nosniff
< Accept-Ranges: bytes
< 
?PNG
…

Box 2.0 API download call not showing download link to dl.boxcloud.com in POSTMAN or cURL

2 Answers