box-python-sdk

Unable to create Managed User

Open javalogicuser opened this issue 3 years ago • 1 comments

I'm getting a 403 Access Denied error when trying to use the API to create a Managed User and I'm logged in as an Admin (Developer):

```
boxsdk.exception.BoxAPIException: Message: None
Status: 403
Code: None
Request ID: None
Headers: {'Date': 'Tue, 04 May 2021 19:49:04 GMT', 'Transfer-Encoding': 'chunked', 'Connection': 'keep-alive', 'Strict-Transport-Security': 'max-age=31536000', 'WWW-Authenticate': 'Bearer realm="Service", error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."', 'BOX-REQUEST-ID': '1504bafef097bbe01dd2a3a02d7a27475'}
URL: https://api.box.com/2.0/users
Method: POST
Context Info: None
PS C:\Users\mark.wharton\Desktop\automation-scripts\Box>
```

Here's my script:

```python
#! /usr/bin/env python3

# Import two classes from the boxsdk module - Client and OAuth2
from boxsdk import Client, OAuth2
import csv
import sys
import os
from pprint import pformat
from boxsdk.network.default_network import DefaultNetwork

# Define client ID, client secret, and developer token.
CLIENT_ID = None
CLIENT_SECRET = None
ACCESS_TOKEN = None

# Read app info from text file
with open('app.cfg', 'r') as app_cfg:
    CLIENT_ID = app_cfg.readline()
    CLIENT_SECRET = app_cfg.readline()
    ACCESS_TOKEN = app_cfg.readline()

# Create OAuth2 object. It's already authenticated, thanks to the developer token.
oauth2 = OAuth2(CLIENT_ID, CLIENT_SECRET, access_token=ACCESS_TOKEN)

# Create the authenticated client
client = Client(oauth2)  # removed LoggingNetwork()

# read in txt file with names and email addresses
with open('names.txt', 'r') as csv_file:
    csv_reader = csv.reader(csv_file, delimiter=',')
    line_count = 0
    for row in csv_reader:
        if line_count == 0:
            NAME = row[0]
            EMAIL = row[1]
            OTHER = row[2]
            line_count += 1
            # Create a new user
            new_user = client.create_user(NAME,EMAIL=['email'],OTHER=['other'])
            print(f'{NAME} has been added as a new user with email address of {EMAIL} and {OTHER}')
        else:
            print("There are no more fields available to read")
            break
```

javalogicuser, May 04 '21 20:05

Hi @javalogicuser,

Thanks for submitting this issue. The 403 error suggests that this is a permissions issue. You could verify that the user you're authenticating with is an admin, since it sounds like you're using your developer token to authenticate.

For a quick way to validate, after you create the client you can call the current user endpoint. The value for "role" should be "admin" if you want to create managed users:

```python
client = Client(oauth2)

user = client.user().get(['login', 'role'])
print('My user login is {0} and my role is {1}'.format(user.login, user.role))
```

If your user is an admin and you're still seeing the 403, could you share the parameter keys that you pass in under "OTHER"? For example, if you're using tracking_codes, the API docs explain that a particular setting needs to be turned on.

Thanks, @swfree

swfree, May 04 '21 21:05
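
An added example, not part of the original thread or of the SDK: it parses the `WWW-Authenticate` Bearer challenge shown in the traceback above (the RFC 6750 format) to tell a token with insufficient scope apart from other denials. The function names and the returned category labels are made up for this illustration.

```python
import re

# Header value copied from the traceback in the issue above.
SAMPLE_HEADERS = {
    'WWW-Authenticate': 'Bearer realm="Service", error="insufficient_scope", '
                        'error_description="The request requires higher privileges '
                        'than provided by the access token."',
}

# name=value pairs; the value is either a quoted string or a bare token.
_PARAM = re.compile(r'([A-Za-z_][\w-]*)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')


def parse_bearer_challenge(header_value):
    """Parse an RFC 6750 Bearer challenge into a dict of its parameters.

    Returns None if the header is missing or uses another auth scheme.
    """
    if not header_value:
        return None
    scheme, _, rest = header_value.strip().partition(' ')
    if scheme.lower() != 'bearer':
        return None
    params = {}
    for name, quoted, token in _PARAM.findall(rest):
        # Undo backslash escapes inside quoted strings.
        value = re.sub(r'\\(.)', r'\1', quoted) if quoted else token
        params[name.lower()] = value
    return params


def classify_denial(status, headers):
    """Map a failed response to a category using the Bearer error code."""
    # Header names are case-insensitive, so normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    challenge = parse_bearer_challenge(lowered.get('www-authenticate')) or {}
    error = challenge.get('error')
    if error == 'insufficient_scope':
        return 'token-scope'      # token accepted, but its scope is too narrow
    if error == 'invalid_token':
        return 'token-invalid'    # expired, revoked or malformed token
    if error == 'invalid_request':
        return 'bad-request'
    if status == 403:
        return 'forbidden-other'  # denied without a Bearer error code
    return 'unknown'
```

When catching `BoxAPIException`, pass its `status` and `headers` attributes (the Status and Headers fields printed in the traceback) to `classify_denial`.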

This issue has been automatically marked as stale because it has not been updated in the last 30 days. It will be closed if no further activity occurs within the next 7 days. Feel free to reach out or mention Box SDK team member for further help and resources if they are needed.

stale[bot], Dec 19 '22 20:12

This issue has been automatically closed due to maximum period of being stale. Thank you for your contribution to Box Python SDK and feel free to open another PR/issue at any time.

stale[bot], Dec 27 '22 06:12