shared_link is null on Box API Upload

Question

I'm trying to upload a file via cURL to Box using the V2 API. The file successfully uploads, but the returned object's shared_link property is null. There doesn't appear to be anything in the docs that explains this scenario. One special wrinkle to this scenario is that we're still using the old OAuth flow for user sign-in. Is that a factor in the functionality provided by the V2 API? We're already planning on switching to the OAuth2 flow, but I'll accelerate our plans on that upgrade if it's necessary to get the shared_link back on upload.

Here's the relevant code:

209     private static $api_upload_url = 'https://upload.box.com/api/2.0/';
210     public function upload($token, $file, $folder) {
211             
212         $api_key = $config['boxnet_api_key'];
213         $params = array(
214             'filename' => '@' . $file,
215             'parent_id' => $folder,
216         );          
217                 
218         $ch = curl_init();
219         curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
220         curl_setopt($ch, CURLOPT_URL, self::$api_upload_url . 'files/content');
221         curl_setopt($ch, CURLOPT_POST, 2);
222         curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
223         curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: BoxAuth api_key=$api_key&auth_token=$token"));
224                 
225         $response = json_decode(curl_exec($ch));
226         curl_close($ch);
227                 
228         return $response;
229     }

Here's a sanitized version of the response:

stdClass Object
    (
        [type] => file
        [id] => /* Removed */
        [sequence_id] => 0
        [etag] => 0
        [sha1] => /* Removed */
        [name] => /* Removed */
        [description] => 
        [size] => 10618
        [path_collection] => stdClass Object
            (
                 [total_count] => 1
                 [entries] => Array
                     (
                         [0] => stdClass Object
                             (
                                 [type] => folder
                                 [id] => 0
                                 [sequence_id] => 
                                 [etag] => 
                                 [name] => All Files
                             )

                     )

            )
        [created_at] => /* Removed */
        [modified_at] => /* Removed */
        [trashed_at] => 
        [purged_at] => 
        [content_created_at] => /* Removed */
        [content_modified_at] => /* Removed */
        [created_by] => stdClass Object
            (
                [type] => user
                [id] => /* Removed */
                [name] => /* Removed */
                [login] => /* Removed */
            )
        [modified_by] => stdClass Object
            (
                [type] => user
                [id] => /* Same as modified_by */
                [name] => /* Same as modified_by */
                [login] => /* Same as modified_by */
            )
        [owned_by] => stdClass Object
            (
                [type] => user
                [id] => /* Same as modified_by */
                [name] => /* Same as modified_by */
                [login] => /* Same as modified_by */
            )
        [shared_link] => 
        [parent] => stdClass Object
            (
                [type] => folder
                [id] => 0
                [sequence_id] => 
                [etag] => 
                [name] => All Files
            )
        [item_status] => active
    )

Any thoughts? Or is it just that the auth token doesn't have enough rights (due to being created through an old method) to get that data?

Answer 1

Shared links must be explicitly created for files and folders. Here's the relevant documentation.

we're still using the old OAuth flow for user sign-in.

You can use v1 auth tokens with the v2 API for the time being, but to the best of my knowledge this will stop working around the end of the year.