When building a File Service App, how can my app send data back to Box? I've been reading about the callback urls to send data to my app, but I don't see how my app can send data back that will update user's Box account, like there is with the Content API.
The token you get from Box in the callback is valid for you to call APIs. Just use it in the header, and you'll be able to call APIs
Related
I am trying to offer an application which is to allow access to user's private files through proprietary back end and present them in a custom Web UI. What is the mechanism that allows to bridge the Web-based OAuth to the server side Drive access for each user?
EDIT:
To expand on my brief description, I would like to add that the OAuth authentication to receive the Token Response is to happen through the HTTP interaction and be presented to a user in a Web interface and be of 2-legged nature. But then I thought the Token Response would be passed to a Java server (via HTTP headers), which would process the file to be stored in user's Drive after some processing. What is not clear to me is what APIs are used to manipulate the files in Google Drive from the Java server back-end and how the Token Response is passed to those APIs to facilitate OAuth authentication.
Is this even implementable?
I have a lightweight node.js module that needs to pull from google drive. They have a REST/HTTPS interface but AFAICT it's only accessible via their SDK. I want to use REST/HTTPS so I don't have to use an SDK. Is this possible for file download? For file find (file:list e.g. https://developers.google.com/drive/v3/reference/files/list)?
I don't understand why you think it's only accessible using an SDK. The link you posted clearly shows the URL endpoint, lists the optional parameters and gives the format of the JSON response.
If you click "Try it now" and open your browser console, you will see the http request and response which you can mirror in your app.
The only thing you also need to consider is that before making a REST request to Google, you must obtain an Access Token and set it in an Authorization: Bearer xxxxxxxx header, or provide it as a query parameter as &access_token=xxxxxxxxx
I am trying to get data from Box api without using the access token, the folder containing data is a shared folder containing files that can be updated by box admin.I want to use the rest api and get the metadata of changed files and use that in the app.
so far i have not been able to access the data without using the oauth auth_token.
is there any way, that i can access the data without using the auth_token(i.e without making the user to log into the app?)
You cannot access the Box API without an OAuth2 access token. The user must authorize your application, or, if you're working within an enterprise you can use an administrative access token (i.e. a 'service' token) to access the data.
Oauth2 access token is used for authentication and authorization during any Box API call. You need to get access token before making any Box API call. This link provides details about how to get the access token for making API calls.
https://box-content.readme.io/reference#authorize
So what I'm trying to do is to fetch data from gmail API using unix's shell (curl).
I simply copied this from the json generator to be able to play with the json when I used with curl.
GET https://www.googleapis.com/gmail/v1/users/somebody%40gmail.com/messages?
maxResults=5&includeSpamTrash=false&key={YOUR_API_KEY}
Then I changed the API_KEY by what I was able to generate in my developer console. However, I cannot get the desired json when I put the link in my browser, or curl it in my shell. How do I generate the right key? Because I already generated from all of the choices in the Credentials.
Thanks!
What you generate in the Console is the Client ID and Client secret, which are used when you redirect your users to Google. Upon accepting, Google then redirects the user to the url you specify in the console with a code. This code is then finally used to retrieve the Access Token which you should use as {YOUR_API_KEY}.
Go to Google OAuth 2.0 Playground, and use the Gmail API v1 scopes, and retrieve the access token and use it in your shell.
Either I'm dense, or the docs assume I already know what they're telling me, but I need some clarification on doing authentication for a box.com app. I really don't understand whate's going on. As I read it:
the app running on the user's machine sends a request to Box, including all the little secrets (Which aren't all that secret any more if the user knows how to read the code).
The user is directed to the Box login page, which then sends the user to my server (with no page specified) attaching an authentication code.
The app somehow magically gets that code back from my server and sends a request to Box for the access token.
Box sends the access token to my server?
The app again magically gets the access token from my server and sends its APT requests.
Obviously I got lost somewhere.
And, why do I have to have a server involved in the process? The article on making a JavaScript app refers to a direct request for a token. Is there documentation on that somewhere?
You register your application on Box
After registration you receive clientId and clientSecret once on Box website
You hardcode your credentials somewhere in your application
First time your application needs to access Box API it should redirect user to https://www.box.com/api/oauth2/authorize, specifying your clientId, clientSecret and redirectURI as parameters. About redirectURI see below.
The box.com website opens. User enters his own credentials in the web form on box.com
User allows your application to access his files via API on the box.com website
Box redirects user back to you application using redirectURI specified before. One of the parameters to this request is "code". This is a very short-lived (30 seconds) access code that is only aligable for obtaining real access token.
During next 30 seconds your application should make another call to Box API to next URL: https://www.box.com/api/oauth2/token, specifying the previously obtained code. If everything was correct, your application receives an access_token, a refresh_token and "expires" values.
Now your application can make requests to Box API, specifying access_token every time
access_token expires in number of seconds, specified in "expires" field. It should be about 3600 seconds or 1 hour. Each time your application sees that access_token has expired, it should make another request to Box with the refresh_token and obtain a fresh access_token for another 1 hour.
refresh_token itself expires in 14 days
Note: if you develop a desktop application, then you should open browser for user on the step 4, redirectURI should be something like http://127.0.0.1:8080/Callback and you should run a small webserver just to catch the redirect with the code as in step 7.
Box requires that you specify a redirect_uri in your application's profile, and it must be an HTTPS URL.
As a result, it is not possible to use box with what google's oauth2 documentation calls "Client Side" or "Installed" applications, only "Web Server Applications" are allowed. Web Server applications do not have the secret leaking problem, because only the server knows the secret. You can pass the access token from your server to javascript on the client after
the oauth transaction is complete, if you want the client to make api requests directly.
In your question you are not totally clear in what you are actually trying to produce.
I however suspect that you are trying to write a client application what needs to authenticate to box using the OAUTH2 solution they have delivered in API V2.
If this is for an IPhone for example BOX has a great example of how to handle it.
In a WinForm application you would need to capture the resulting code sent back by box in the browser1.isnavigating event.
Windows console application you register a custom URI registration to collect the code.
Neither of these need to be registered in the API developers Application on box as you would pass the redirect required in the request to box.
If this does not point you in the right direction and your writing a .NET app then post again and I will try to clarify a little more.
Box requires some form user interaction which is short sighted in my opinion but try a web service that simulates a user interaction which then you can save/pass the token to your application to sync up with the Box "Cloud".