EOS for Open With UI Element and EOL for Adobe Sign

Today, the Open With UI element can integrate with Box Tools, Google Workspace, and Adobe Sign. In an effort to continuously improve the Box experience, we are focusing our resources on new features and functionality that better align with our users' evolving needs.

December 21, 2021 the following changes will occur:

• We will discontinue support of the Box Open With UI Element for Box Tools and Google Workspace for any new customers. A new customer is any customer not using this element prior to December 21. Any customers leveraging the Open With UI Element with Box Tools and/or Google Workspace prior to December 21 are considered existing customers and will continue to receive support until further notice. The Box Tools and Google Workspace Web App functionality will not be impacted.
• Adobe Sign will no longer be available for use by new or existing customers via the Open With UI element or Web Application.

Should you have any further questions, please contact us by opening a support ticket or posting on the developer forum.

New enhancements to retention APIs

Two new API endpoints have been introduced to get files and file versions that are under retention for a given retention policy assignment. These APIs are part of the retention policy suite of APIs. They are intended to replace the separate file and file version retention endpoints, which will soon be deprecated from the Box API. The date of the deprecation will be announced at a later date.

When a retention policy is applied via a retention policy assignment, folders are selected for which the retention policy should be applied. The files and file versions within those folders will be the content that is returned from calling these new endpoints.

Features

This release has introduced the following new content and features.

• Get files under retention: Returns a list of files under retention that are associated with the specified retention policy assignment.
• Get file versions under retention: Returns a list of file versions under retention that are associated with the specified retention policy assignment.
• Added an editable description field to the retention policy resource.
• Added a non-writable start_field_date to the retention policy assignment resource. This field is the metadata field's key id. The value can also be upload_date if the assigned_to type is not metadata_template or a date field has not been selected.

Classification Name Field now in Events API

If a classification exists on content, the events API now returns the classification name field in the response object.

• The updates to the event source response object can be seen here.
• A new guide page has been added to show examples for an event triggered by a user source and an event source.

Below is an example of the response before and after the enhancement. Please note that if a classification doesn't exist, the before example will still be returned.

Before:

{
  "source": {
    "item_type": "file",
    "item_id": "8903212345",
    "item_name": "example.docx",
    "parent": {
      "type": "folder",
      "name": "All Files",
      "id": "0"
    },
    "owned_by": {
      "type": "user",
      "id": "11446498",
      "name": "Aaron Levie",
      "login": "notifications@example.com"
    }
  }
}

After:

{
  "source": {
    "item_type": "file",
    "item_id": "8903212345",
    "item_name": "example.docx",
    "parent": {
      "type": "folder",
      "name": "All Files",
      "id": "0"
    },
    "owned_by": {
      "type": "user",
      "id": "11446498",
      "name": "Aaron Levie",
      "login": "notifications@example.com"
    },
    "classification": {
      "name": "Top Secret"
    }
  }
}

Where to get support

Should you have any issues or need further guidance, please post a request to our developer forum for any help needed.

Box Java SDK v2.56.0 released

New Features and Enhancements:

• Replace submaster GroupMembershipRole with coadmin. Replace MASTER_INVITE_ACCEPT and MASTER_INVITE_REJECT with ADMIN_INVITE_ACCEPT and ADMIN_INVITE_REJECT. (#907)
• Add tracking_codes to create User API call (#910)

Bug Fixes:

• Fix url for BoxFileRequest.Info object (#906)
• Attempt to fix thread locking issue on refresh of access token (#912)

Notice of behavior change for item preview events

Starting today, we will begin rolling out changes to the behavior of item preview events when an application consumes those events from our event API endpoints.

This change will only affect the ITEM_PREVIEW user event and will not affect existing enterprise events. The new behavior will not cause downtime within existing applications or require any application changes to prevent uptime disruptions.

Change overview

Within the previous behavior when events were consumed, previewed item events were surfaced through the ITEM_PREVIEW event type for the owner of the content as well as any contributors assigned to the content. This meant that if a file with 2000 collaborators on it was previewed, the file owner plus all 2000 collaborators would have an event created stating that the file was previewed.

With the new behavior, notification of an item being previewed will only be created for the owner of the content and will not be produced for collaborators. This will help to reduce the noise of the event stream while preserving the ability to see when items are previewed as a content owner.

Where to get support

Should you have any issues or need further guidance, please post a request to our developer forum for any help needed.

Box Node SDK v1.39.0 released

New Features and Enhancements:

• Add support for Box Sign API (#658)
• Enhance TS Imports (#656)

Box Node SDK v1.38.0 released

New Features and Enhancements:

• Add sensitive language event types for admin invites (#648)
• Use BetterDocs to adapt JSDocs to TypeScript (#646)
• Change ProxyAgent import to be dynamic (#641)
• New API for get files and file versions under retention (#585)

Bug Fixes:

• Deeply freeze Config except Buffers and Readable streams (#651)
• Fix a typo in docs of src/managers/search.ts (#649)
• Update broken documentation link (#647)
• fix type annotations for exchangeToken functions (#645)
• Deprecate files getThumbnail API in favor of getRepresentationContent (#627)

Upcoming change to JWT format

On August 4th, 2021, as part of our continued infrastructure upgrades, we will begin deployment of a change that may affect custom applications leveraging Server Authentication with JSON Web Tokens (JWT).

Potential impact will require additional verification from customers who do not use an official Box SDK and are storing tokens in a database.

All customers and application owners who are potentially impacted have been notified directly via email.

Change overview

This change may only impact applications leveraging Server Authentication with JSON Web Tokens (JWT). Tokens will continue to return as a string as stated in our documentation. However, the format will be longer and contain

special characters.

An example of a token returned today: NXWd9KDPVofXQKZJlQjICCWFHEmuOihs.

After this change, tokens will return in the following format:

1!yxxhRreQCKcEbC_ZfYvPudyLe7Ed36gIQcqqZo2pfaVZyxNBkQjoHk0fgA1iTY3_uwXgif-hg-gne aUdLRmGCb2He6tyQ_rA8aV-CllTyBbd9Tx-wU6Fnt4Df9XjzBAk8Dj7RYc1Ew_fcY2vfycpCvjwHLgql jzjEpVIrOpOlK_2AyP5FExzn0x7DtbkaGc6avJU8UMQd_huXoJ7CnXIL_JBzVrW4D32pBLQ2AZIuecOZ NMIy9T8PdUiZIG6xKEPqYmm21mQHEM0d7dT5foSBtjm65-Ah2tb2MdSGFb1G1O24vz2GmYFgmIe5UOol qYIGg-0u2xQPC3F76WiNCiU_TP1JDQYi3HKaos807WkRtnBY5Vd-VAbY9DH-Qo3u1EiB0RFr4cht2N7V B99y-379IEYzCojL2V58dE_pBxpRMv4KcOLVsUfDkbx3uo34H4UzOycI_IWGWrhVJD4M7GeLeD_5Vkmj fbwYl2CmHdXAKbZKtXTHjzB0CZixZriT_wRUpsN8GTrrxGbx9ukgzJWRJwelGZ_1Yx7vP4Zkx3OfR5Be -Tso7xdHd9rW0FXsu024U7dMNuQ6kpP1_kJI2Y.

Please note that this is not a new format to Box, as this format is currently returned when downscoping tokens.

Verifying application impact

1. Navigate to Admin Console > Apps Tab > Custom Apps.
2. Click View for each app row listed
3. Scroll to the bottom of the app details page and verify the selected authentication method. Affected apps will say Server Authentication with JSON Web Tokens.

For each application identified above, you will need to determine:

1. Is it using an official Box SDK? If so, no further action is required to prepare for this change. While it is always best practice to be on the latest version, no minimum versions are required for compatibility.

2. If an official SDK is not used, are tokens stored in a database? If so, you will need to preform additional verification that the database can handle both the new length and special characters.

Testing before release

If you have identified an application that leverages Server Authentication with JWT and stores tokens in a database, you will want to preform the test below before August 4th.

As mentioned above, the new format for tokens is currently used when downscoping tokens. Therefore, preform the following steps to assess impact:

1. Generate an Access Token for the application
2. Downscope the token from step 1
3. Attempt to store the downscoped token in your database

If you are successfully able to store the token in the database no further action is necessary to prepare for this change.

If you are unable to store the token, your database must be updated to support the additional length and special characters.

Where to get support

Should you have any questions or need further guidance, please email jwt-set-rollout@box.com.

New Getting Started Guide

Check out our step by step guide to getting started with the Box API. Discover best use cases, user models, architecture patterns, and more.

Features

• Use case evaluation: Guide
• Common user models: Guide
• Common architecture patterns: Guide
• Locating common values: Guide
• Security overview: Guide
• Authentication best practices: Guide
• Detailed authorization steps: Guide

Box Java SDK v2.55.1 released

Bug Fixes:

• Restore methods for Execute Metadata Query, which were removed in #890, and mark them as deprecated (#905)