New Folder Lock APIs now available

A new collections of APIs have been released to permit the restriction of move and delete actions on folders. New API reference and guides have been made available to help create and manage you folder locks.

To create a lock on a folder to prevent it from being moved or deleted, supply the ID of a folder to the POST /folder_locks/ endpoint.

curl -i -X POST "https://api.box.com/2.0/folder_locks" \
     -H "Authorization: Bearer <ACCESS_TOKEN>" \
     -H "Content-Type: application/json" \
     -d '{
       "folder": {
         "type": "folder",
         "id": "33552487093"
       }
     }'

Additional API endpoints are available to allow a developer to list all locks on a given folder, or to remove an existing folder lock from a folder.

• Create a folder lock: Guide | API Reference
• List all locks on a folder: Guide | API Reference
• Remove a folder lock: Guide | API Reference

Metadata Cascade Policies API leaves Beta

The Metadata Cascade Policies API is now generally available to all and no longer in Beta.

Over the past years, we've made a lot of technical improvements to our metadata infrastructure and we're happy to announce that we've now gotten to the moment where the Metadata Cascade Policies API is leaving Beta. This release does not involve any breaking changes and any existing application should not see any impact from this release.

Since we initially launched, Metadata Cascade Policies has become over 10 times faster when applying metadata to new instances. Additionally, we've also made significant strides in reliability and observability to ensure a top-notch API experience, in line with the rest of our API suite.

For more details about metadata, and metadata cascade policies, please visit the Metadata guides and our dedicated Metadata Cascade Policies reference documentation.

Box Windows SDK v3.25.0 released

3.25.0 [2020-10-19]

New Features and Enhancements:

• Add support for filtering when getting Groups (#703)
• Add zip functionality (#700)
• Deprecate one of the overloaded ExecuteMetadataQueryAsync() methods (#699)
• Add support for copyInstanceOnItemCopy field for metadata templates (#698)

Bug Fixes:

• Fix bug with JWT Authentication automatic retry (#697)

www.nuget.org/packages/Box.V2/3.25.0 www.nuget.org/packages/Box.V2.Core/3.25.0

Search API adds support for Shared Links

The Search API now supports returning files, folders and web links that the user has recently accessed through a shared link.

Shared items can be requested by calling the GET /search API with the new include_recent_shared_links query parameter set to true.

curl -i -X GET https://api.box.com/2.0/search?query=Contract&include_recent_shared_link=true

By default, the API won't return any shared items if this query parameter is not provided or not set to true.

Change in response format

When include_recent_shared_links is set to true, the response has slightly changed to allow for the additional information to be returned. Rather than returning a direct list of files, folders, and web links the API now returns a list of objects containing an item and an accessible_via_shared_link property.

{
  "entries": [
    {
      "item": {
        "id": 12345,
        "etag": 1,
        "type": "file",
        "sequence_id": 3,
        "name": "Contract.pdf",
        ...
      },
      "accessible_via_shared_link": "https://www.box.com/s/vspke7y05sb214wjokpk"
    }
    ...
  ],
  "limit": 1000,
  "offset": 2000,
  "total_count": 5000
}

{
  "entries": [
    {
      "id": 12345,
      "etag": 1,
      "type": "file",
      "sequence_id": 3,
      "name": "Contract.pdf",
      ...
    },
    ...
  ],
  "limit": 1000,
  "offset": 2000,
  "total_count": 5000
}

This change in response format should not impact any existing applications as it only applies to any API call made with the new query parameter.

Box Node SDK v1.34.3 released

Bug Fixes:

• Upgrade ajv dependency (#545)

Box Python SDK v2.10.0 released

New Features and Enhancements:

• Add support for copyInstanceOnItemCopy field for metadata templates (#546)
• Allow creating tasks with the action and completion_rule parameters (#544)
• Add Zip functionality (#539)

Bug Fixes:

• Fix bug with updating a collaboration role to owner (#536)
• Allow ints to be passed in as item IDs (#530)

New File Request APIs available

A new collection of APIs are now available that allows developers to create and update File Requests. We've updated the reference documentation and added new guides to help you manage your file requests.

To create a copy of an existing file request, all you need is the unique ID of an existing file request, and the ID of the folder to apply the new request to.

curl -i -X POST "https://api.box.com/2.0/file_requests/42037322/copy" \
     -H "Authorization: Bearer <ACCESS_TOKEN>" \
     -d '{
       "folder": {
         "id": "2233212"
       }
     }'

Additional APIs are available that allow a developer to get more details about a file request, update a file request, and delete a file request. For more details, please check out the developer documentation.

• Create a template file request: Guide
• Create a copy of a file request: Guide | API Reference
• Get information about a file request: Guide | API Reference
• Update a file request's configuration: Guide | API Reference
• Delete a file request: Guide | API Reference

Change to OAuth 2 app redirect URI requirements

On October 29th, 2020, Box will begin employing stricter requirements for redirect URIs used within new and existing OAuth 2-based Box integrations that may affect your application.

Existing application owners that currently use a blank redirect URI in their application configuration, as described here, will need to update the redirect URI to match the redirect used within the code redirect step, described here.

On October 29th, 2020, applications that are still configured with a blank URI will begin returning an error when the user is redirected back to your application if URI adjustments aren't made.

All impacted application owners and collaborators have been notified via the email address associated with their developer account.

How to validate and make the change

To validate your redirect URI and update your application(s) if they are affected, take the following steps:

• Go to the Box developer console as the user who owns the application(s).
• For each Custom App using OAuth 2 (client-side authentication) click on the application to open it.
• From the left navigation, click on Configuration.
• Scroll down to the OAuth 2.0 Redirect URI section.
• For any application where this URI is blank, add the URI that is being used in the application code when redirecting the user back to your application from the Box auth step, as is described in this guide.

Group API adds new filter and permissions

The GET /groups API now supports filtering groups by name using a new filter_term field.

curl -i -X GET "https://api.box.com/2.0/groups?filter_term=Engineering" \
     -H "Authorization: Bearer <ACCESS_TOKEN>"

Additionally, all the Group endpoints now allow a developer to request a new permissions field, which currently has one attribute defining if the authenticated user can invite the group to any item.

curl -i -X GET "https://api.box.com/2.0/groups?field=permissions" \
     -H "Authorization: Bearer <ACCESS_TOKEN>"

{
    "total_count": 1,
    "entries": [
        {
            "type": "group",
            "id": "223353242",
            "permissions": {
                "can_invite_as_collaborator": true
            }
        }
    ],
    "limit": 100,
    "offset": 0
}

For more details about how to work with groups, please visit the Group API documentation.

New multiSelect metadata support in search API

Starting today, the Search API adds support for matching items by multiple values of a multiSelect metadata field. Before this change, it was not possible to find items by the value of a multiSelect field.

To perform a search for items where a metadata field matches multiple values, the mdfilters parameter now supports a list of values.

curl -G 'https://api.box.com/2.0/search' \
     -H 'Authorization: Bearer <ACCESS_TOKEN>' \
     -d 'mdfilters=[{"scope":"enterprise_12345","templateKey":"contractInfo","filters":{"products":["shield","platform"]}}]'

In this example, the mdfilters query parameter contains one filter with a scope, a templateKey, and a set of filters. Here is the same filter in a more readable format.

[
  {
    "scope": "enterprise_12345",
    "templateKey": "contractInfo",
    "filters": {
      "products": [
        "shield",
        "platform"
      ]
    }
  }
]

What is new here is that the products filter now performs a match on multiple values, only returning files and folders for which the template has a products value of either shield and platform. It's worth noting that the value of the field can contain multiple values and only match on one value. For example ["shield", "platform"] will be a match for the filter ["shield", "platform"] as they both include shield.