1
votes

Already looked at "How to use box-api to get the Shared item?" and the Box Developers documentation (https://developers.box.com/docs/#shared-items). I have tried doing a request to https://api.box.com/2.0/shared_items in .NET code, in Firefox Poster and using curl. They all resulted in 404. I have verified that my file's shared link is open to anyone with a link. Here's my curl code (sanitized):

curl https://api.box.com/2.0/shared_items \
  -H "Authorization: BoxAuth api_key=xxxxxxxxxxxxxxxxxxxxx" \
  -H "BoxApi: shared_link=https://app.box.com/s/yyyyyyyyyyyyyyyyyyyyyyyyyyyy"

{"type":"error","status":404,"code":"not_found","help_url":"http:\/\/developers.box.com\/docs\/#errors","message":"Not Found","request_id":"196207167555469c301714b"}

What might be the problem? I tried a wrong api_key and got back 401 so I know the whole setup is correct.

1 Answer

0
votes

Your API key shouldn't be included anywhere in the request. I believe that form of authorization was used in the old v1 API and is now deprecated. There's a cURL example in the docs you linked to that shows what your authorization header should look like:

curl https://api.box.com/2.0/shared_items \
  -H "Authorization: Bearer ACCESS_CODE" \
  -H "BoxApi: shared_link=SHARED_LINK"

For more info on how to obtain the access token that goes into the authorization header, take a look at the OAuth tutorial.

The reason why authentication is required is because the API will return info about the item within the context of the caller's permissions. For example, if the creator of the shared link makes the API call, then private information (such as the item's full path within their account) will be returned. If another user makes the call, then that private information will be omitted.

That being said, you're still able to anonymously download an open shared link by navigating to it directly. You only need to use the API if you want more information about the item that the link points to.
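The same request as the cURL example in the answer, written as an added Python example (not code from the question, the answer, or Box). The function names and the `BOX_ACCESS_TOKEN` / `BOX_SHARED_LINK` environment variables are assumptions made here; the token is read from the environment so it never sits in source or shell history, and a v1-style `api_key=` value is rejected before anything is sent.

```python
import json
import os
import urllib.error
import urllib.request

SHARED_ITEMS_URL = "https://api.box.com/2.0/shared_items"  # endpoint from the question


def build_request(access_token, shared_link):
    """Build the GET request with the two headers shown in the answer."""
    if not access_token or "api_key=" in access_token:
        raise ValueError("pass an OAuth access token, not an API key")
    if not shared_link.startswith("https://"):
        raise ValueError("shared link must be an https URL")
    if any(c in access_token + shared_link for c in "\r\n"):
        raise ValueError("header values must not contain line breaks")
    return urllib.request.Request(SHARED_ITEMS_URL, headers={
        "Authorization": "Bearer " + access_token,
        "BoxApi": "shared_link=" + shared_link,
    })


def describe_error(status, body):
    """Summarise a Box error body (JSON shaped like the one in the question)."""
    try:
        err = json.loads(body)
    except ValueError:
        err = {}
    if not isinstance(err, dict):
        err = {}
    hint = {
        401: "credentials rejected; obtain a fresh access token",
        404: "check the Authorization and BoxApi headers and the link itself",
    }.get(status, "see help_url in the response body")
    return "%d %s (request_id=%s): %s" % (
        status, err.get("code", "?"), err.get("request_id", "?"), hint)


def fetch_shared_item(access_token, shared_link):
    """Return the item JSON; raise RuntimeError with a diagnosis on HTTP errors."""
    req = build_request(access_token, shared_link)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        body = exc.read().decode("utf-8", "replace")
        raise RuntimeError(describe_error(exc.code, body)) from exc


if __name__ == "__main__":
    # Environment variable names are assumptions for this example.
    item = fetch_shared_item(os.environ["BOX_ACCESS_TOKEN"], os.environ["BOX_SHARED_LINK"])
    print(item.get("type"), item.get("name"))
```

Keep the `request_id` from a failed call in your logs; it is the one value in the error body that identifies the specific request.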