1

I'm currently integrating Box.net into a website and have come stuck when trying to access the operations after authentication.

I'm authenticating fine and retrieving my token, however regardless of the token being active every response I receive is a 401 unauthorized.

My testing code:

$header = array('Authorization: BoxAuth api_key='.$apikey.'&auth_token='.$auth);

$curl = curl_init();

curl_setopt( $curl, CURLOPT_URL, 'https://api.box.com/2.0/folders/0');
curl_setopt( $curl, CURLOPT_HTTPHEADER, $header);
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt( $curl, CURLOPT_HTTP_VERSION, "CURL_HTTP_VERSION_1_1");
curl_setopt( $curl, CURLOPT_VERBOSE, true );
//curl_setopt( $curl, CURLINFO_HEADER, true);
curl_setopt( $curl, CURLINFO_HEADER_OUT, true);
curl_setopt( $curl, CURLOPT_SSL_VERIFYPEER, false);
//curl_setopt( $curl, CURLOPT_SSL_VERIFYHOST, 2);

$res = curl_exec( $curl );

if ($res === false)
{
    print_r('Curl error: ' . curl_error($curl));
}

var_dump( curl_getinfo($curl) );
curl_close($curl);

var_dump($res);

Request Dump: 

array(22) {
  ["url"]=>
  string(33) "https://api.box.com/2.0/folders/0"
  ["content_type"]=>
  string(16) "application/json"
  ["http_code"]=>
  int(401)
  ["header_size"]=>
  int(203)
  ["request_size"]=>
  int(172)
  ["filetime"]=>
  int(-1)
  ["ssl_verify_result"]=>
  int(0)
  ["redirect_count"]=>
  int(0)
  ["total_time"]=>
  float(0.783732)
  ["namelookup_time"]=>
  float(0.005711)
  ["connect_time"]=>
  float(0.15543)
  ["pretransfer_time"]=>
  float(0.479779)
  ["size_upload"]=>
  float(0)
  ["size_download"]=>
  float(171)
  ["speed_download"]=>
  float(218)
  ["speed_upload"]=>
  float(0)
  ["download_content_length"]=>
  float(171)
  ["upload_content_length"]=>
  float(0)
  ["starttransfer_time"]=>
  float(0.783576)
  ["redirect_time"]=>
  float(0)
  ["certinfo"]=>
  array(0) {
  }
  ["request_header"]=>
  string(172) "GET /2.0/folders/0 HTTP/1.1
Host: api.box.com
Accept: */*
Authorization: BoxAuth api_key=xxxxxxxxxxxxxx&auth_token=xxxxxxxxxxxxxxx

"
}

Response:

string(171) "{"type":"error","status":401,"code":"unauthorized","help_url":"http:\/\/developers.box.com\/docs\/#errors","message":"Unauthorized","request_id":"xxxxxxxxxxxxxx"}"

For reference, I have tried the v1 api (just to see if I had any joy) via the Box_Rest_Client written by Sean Rose and that worked fine for the basic operations.

Any help/pointers would be much appreciated.

Thanks

Frankie

Improve this question
2
  • Hi Frankie, can you confirm that you're using the same api_key and auth_token in both the V1 and V2 requests? Commented Feb 26, 2013 at 22:27
  • Hi John, no not with the same token. I authorized the v1 through its own auth uri box.net/api/1.0/auth which provides me with a different token. I also tried the v2 token out of curiosity and that didnt work. Commented Feb 27, 2013 at 9:26

1 Answer 1

Reset to default
1

Frankie, the BoxAuth authorization mechanism provides the V2 API backwards-compatibility with V1 tokens.

Authorization: BoxAuth api_key=API_KEY&auth_token=V1_TOKEN

Authorization: Bearer V2_TOKEN

Try using a V1-issued token with the BoxAuth header in your V2 API request and it should work.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Hi John, thanks for that, that looks like its working with the v1. I think my v2 calls might have been failing because I was using the BoxAuth instead of Bearer.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.