Metadata Query index changes

When making file / folder metadata query requests, a search index needs to be created for queries where more than 10,000 files / folders are being searched.

To improve the efficiency and simplicity of this process, we have changed the way in which indexes are used by removing the explicit requirement to supply an index through the use_index key in a metadata query API request.

There is no impact to existing applications that are currently supplying an index through the use_index key. The supplied index will be ignored in the request and the most efficient index will be automatically applied.

Previous Indexing Process

The following was the previous process for creating and using an index for a metadata query request involving 10,000+ files / folders in the search. This is the process being replaced.

• Contact the metadata query team to request an index.
• The metadata query team would create the index and supply back the name of the newly created index.
• When making metadata query requests this index name was supplied as the value for the use_index key in the API request.

New Indexing Process

The following is the new process for creating and using an index.

• Contact the metadata query team to request an index.

The use_index key within the metadata query API request has been removed. Instead, the most efficient query will be automatically applied during the search process.

Indexes that are currently supplied in the use_index key will be ignored, and instead the most efficient index will be used.

Application owners may safely remove the use_index key and value from their metadata query requests at their discretion.

Developer Console Updates

A new Authorization tab is now available in the Developer Console. In addition, clarifying UI changes were made to the Application Access and Scope settings within the Configuration tab to ease these decisions. These changes do not impact the functionality of the settings.

Now, developers will navigate to the Authorization tab to submit the application directly to their Box Admin for authorization approval.

As for the Configuration tab, helpful tips were added to the JWT Application Access settings to facilitate a clear decision between App Only Access or App Access + Enterprise Access. The Scope section is now grouped by action type: content, administrative, and developer.

• App Approval Process: Guide
• Scopes: Guide
• Application Access: Guide

Updates

• Added Authorization tab to the Developer Console
• Updated the UI for JWT Application Access settings under the Configuration tab
• Updated the UI grouping of Scopes under the Configuration tab

Box Python SDK v2.11.0 released

New Features and Enhancements:

• Deprecate and add method for getting a thumbnail (#572)

Box Java SDK v2.53.0 released

New Features and Enhancements:

• Add offset and limit parameters to BoxFolder.getChildren (#861)

Blank OAuth 2 redirect URI change

On September 28th, 2020 we announced upcoming changes to our security requirements for OAuth 2 app redirect URIs. As of today, applications that use a blank redirect URI will no longer be permitted, and will begin to produce an error stating redirect_uri missing when attempting to redirect the user, stating that there is a mismatched URI.

Impacted applications will have received multiple emails to the developer email address associated with the application and account, and are part of a small subset of applications that were grandfathered in to allow the functionality to persist.

New applications, or any OAuth 2 applications that have a redirect URI specified are not impacted.

How to update your OAuth 2 app redirect URI

If your OAuth 2 application has started to produce an error during the redirect phase, you may be impacted by this change. To update your application(s), use the following steps:

• Go to the Box developer console as the user who owns the application(s).
• From the top navigation, click on Configuration.
• Scroll down to the OAuth 2.0 Redirect URI section. 
• For any application where this URI is blank, add the URI that is being used in the application code when redirecting the user back to your application from the Box auth step, as is described in this guide.

Box CLI v2.8.0 released

Warning:

• Due to the changes in (#217), additional details about Box Items may now be returned for some commands.

New Features and Enhancements:

• Output contents of array for bulk commands (#217)

Bug Fixes:

• Fix bug with setting proxy settings (#218)

New type field in search API responses

A new field, type, has been introduced in the search result response object for returned shared link items.

This response object format is only returned when making calls to the content search endpoint with the include_recent_shared_links query parameter set to true.

There is no impact to existing applications that are currently consuming this response object.

Updates

Prior to this release, the return object for shared link search results included two objects:

• accessible_via_shared_link: The shared link which the item is accessible from.
• item: The file, folder, or web link that matched the search query.

{
  "accessible_via_shared_link": "https://www.box.com/s/vfejh7y01sb263wjtgfe",
  "item": {
    ...
  }
}

This update introduces the new type field, which is a string that will always be set to search_result.

{
  "type": "search_result",
  "accessible_via_shared_link": "https://www.box.com/s/vfejh7y01sb263wjtgfe",
  "item": {
    ...
  }
}

For complete format information see the shared link search result response object.

Box Java SDK v2.52.0 released

New Features and Enhancements:

• Add folder lock functionality (#856)
• Add support for search parameter to get shared link items (#855)

Bug Fixes:

• Fix bug with updating tracking codes (#857)

Announcing Client Credentials Grant authentication

A new method for authenticating your JWT applications is now released. This new method, Client Credentials Grant, does not impact existing applications but offers an easier way to authenticate for new apps. Prior to today, we required a public/private key pair and assertion to verify an application’s identity and retrieve an Access Token. Now, you can request a token using only your client ID and client secret.

curl --location --request POST ‘https://api.box.com/oauth2/token’ \
--header ‘Content-Type: application/x-www-form-urlencoded’ \
--data-urlencode ‘client_id=<client_id>’ \
--data-urlencode ‘client_secret=<client_secret>’ \
--data-urlencode ‘grant_type=client_credentials’ \
--data-urlencode ‘box_subject_type=enterprise’ \
--data-urlencode ‘box_subject_id=<enterprise_id>’

For further information, please visit our guide.

Updates

• Added client credentials grant as an auth option for new applications
• Added 2FA requirement to copy/view client secret
• Added selected authentication method in the Enterprise Authorization request
• Removed the ability to change authentication type

Box iOS SDK v4.2.0 released

Breaking Changes:

New Features and Enhancements:

• Add error information for disconnected OAuth web sessions

Bug Fixes:

• Fix bug with creating collaboration
• Fix bug with getting enterprise events