David McCullars
Reputation: 1
Box.com authorization for webhooks
In trying to setup a webhook for our box.com app, I noticed that there isn't an option to be passed an authorization_code. Without that, the code on our end will be unable to grab the updated content of the file from box.com.
The simplified workflow is:
- User chooses "More actions" for a file in their box.com account, and then clicks "Send to XYZ".
- This sends pops up a window which sends the user to our webapp, passing us the file id and an authorization code.
- Our webapp uses the authorization code to download the file and store it on our end, tagging the resource with the box.com file id for future refence.
- User chooses to "Upload New Version" in box.com and uploads a new file.
- Webhook triggers and issues a GET to our webapp passing in the file id.
- Our webapp looks up the downloaded file by id and then attempts to download the new version. We need an authorization code to do this. (The original authorization code has long since expired.)
Upvotes: 0
Views: 103
Answers (1)
David McCullars
Reputation: 1
Ultimately, our solution was to use the OAuth2 refresh tokens obtained during the initial use of the incoming auth_code. This refresh token (according to the box.com docs) should last about 60 days or so. So we created a background job to look for expiring refresh tokens and update them. Not an ideal solution at all (and quite awkward in the code), but it seems to be the best option available.
Upvotes: 0
Related Questions
- How can I setup webhook secret on Ubuntu webhook commad?
- Webhooks with Amazon EC2
- Github Webhooks secret with AWS API Gateway
- Box - Webhook v2 - 403 Forbidden with Box CLI
- Webhooks Not working
- Implementing WebHook for box.net
- Authenticate automatically against box.com to get api access
- box.com api OAuth authentication
- box.com api without Oauth2
- How do I set up Box event notifications (webhooks) at the org level?