The following are a few limitations affecting webhooks in Box.
There's a limit of one webhook per item (file or folder) per application per authenticated user.
Once a webhook has been attached to an item no second webhook can be attached, even if this second webhook would respond to a different trigger event.
For example, let's assume a webhook has been set up to watch for
events in a folder with the name
Junk, by an application with the name
MyGreatApp and for a the user
John Doe. At that point, no second webhook can
be added to the same folder, for the same app, and for the same user, even if it
is to trigger for a
To listen to another event, either update the existing webhook, create a new application, or ideally parse the different events in your application when the webhook payloads are delivered.
There is a limit of 1000 webhooks per application, per user.
In other words, up to 1000 webhooks can be created by any application for any user and no more. To create more webhooks for a user, either create another application or apply the webhook to a higher level item in the folder structure.
The notification URL, or
address for a webhook must be a valid HTTPS URL that
resolves to a valid IP address and should have a certificate signed by a
reputable certificate authority. Box does not support self-signed SSL
The IP address of the server must be publicly accessible from the internet and
it must not be a
(*.)box.com address. The port used in the URL must be the
standard HTTPS port (
443). Notifications will not be delivered to other ports.
Webhooks can not be created on the root folder of a user, which is the folder
with the ID of