Box Python SDK - Getting access_denied_insufficient_permissions while trying to create a webhook

Question

I'm trying to create a webhook for a folder on Box such that when the file is uploaded I get a notification.

from boxsdk import OAuth2, Client

auth = OAuth2(
    client_id='xxxxxxxxxxxxo',
    client_secret='xxxxxxxxxxxxxxxxh',
    access_token='xxxxxxxxxMj2',
)

client = Client(auth)


folder = client.folder(folder_id='1')

webhook = client.create_webhook(folder, ['FILE.UPLOADED'], <HTTPS_URL>)
print('Webhook ID is {0} and the address is {1}'.format(webhook.id, webhook.address))

The Error:

Status: 403 Code: access_denied_insufficient_permissions

I also tried using the JWTAuth method and generated a Public/Private key pair

from boxsdk import JWTAuth, Client

config = JWTAuth.from_settings_file('./config_box_demo.json')


client = Client(config)

folder = client.folder(folder_id='1')


webhook = client.create_webhook(folder, ['FILE.UPLOADED'], <HTTPS_URL>)
print('Webhook ID is {0} and the address is {1}'.format(webhook.id, webhook.address))

But it displays the same error.

Things I have already done:

• Enabled all application scopes (include 'Manage Webhooks')

• Activated 'Perform Actions As Users' and 'Generate User Access Token'

• Authorised the App from Admin Console

Any help/tips would be appreciated.

Also, does it show the same error if theres an issue with the HTTPS URL?

Answer 1

Two things might be causing an issue here. Firstly, make sure you application is configured to have the scope enabled to create webhooks.

Webhook configuration screen

Secondly, it is important that the user who the access token belongs to actually has access to the folder you are trying to add a webhook to. In the case of a JWT authenticated app, the user is actually a service account that does not actually have access to your (a regular user) files and folders. You can read more on our user model here.

https://developer.box.com/en/guides/authentication/user-types/