My Apps

    As-User Header

    As-User Header

    It is possible to for an OAuth 2.0 application to act on behalf of another user through the As-User header.

    curl https://api.box.com/2.0/folders/0 \
      -H "As-User: [USER_ID]"
      -H "Authorization: Bearer [ACCESS_TOKEN]"

    In this situation the user ID is the Box identifier for a user. User IDs can found for any user via the GET /users endpoint, which is only available to admins, or by calling the GET /users/me endpoint with an authenticated user session.

    Preconditions

    Using the As-User header has a few requirements. Firstly, the application needs to be configured to perform actions as users in the developer console.

    Advanced Features

    Additionally, the authenticated user needs to be a user with admin permissions, meaning either an admin, co-admin, or service account. See our guide on User Types for more details.

    As-User using SDKs

    .NET
    var user_client = new BoxClient(config, session, asUser: '[USER_ID]');
    Java
    client.asUser([USER_ID]");
    // client.asSelf();
    Python
    user_to_impersonate = client.user(user_id='[USER_ID]')
    user_client = client.as_user(user_to_impersonate)
    Node
    client.asUser('[USER_ID]');
    // client.asSelf();

    Please note that some of our SDKs create new clients for the other user, while others modify the existing client and provide a way to return to a state where the client authenticates for the original user itself.