Cloud content management and file sharing service for businesses.
Applies an instance of a metadata template to a file. in most cases only values that are present in the metadata template will be accepted, except for the global.properties template which accepts any key-value pair.
Creates a new metadata cascade policy that applies a given metadata template to a given folder and automatically cascades it down to any files within that folder. in order for the policy to be applied a metadata instance must first be applied to the folder the policy is to be applied to.
Close an upload session and create a file from the uploaded chunks. the actual endpoint url is returned by the create upload session and get upload session endpoints.
Creates a slack integration mapping by mapping a slack channel to a box item. you need admin or co-admin role to use this endpoint.
Adds a comment by the user to a specific file, or as a reply to an other comment.
Applies an instance of a metadata template to a folder. in most cases only values that are present in the metadata template will be accepted, except for the global.properties template which accepts any key-value pair. to display the metadata template in the box web app the enterprise needs to be configured to enable cascading folder level metadata for the user in the admin console.
Adds a collaboration for a single user or a single group to a file or folder. collaborations can be created using email address, user ids, or a group ids. if a collaboration is being created with a group, access to this endpoint is dependent on the group’s ability to be invited. if collaboration is in pending status, the following fields are redacted: - login and name are hidden if a collaboration was created using user id, - name is hidden if a collaboration was created using login.
Sends an ai request to supported llms and returns an answer specifically focused on the user’s question given the provided context.
Creates a new entry in the list of allowed domains to allow collaboration for.
Creates a retention policy.
Creates a single task on a file. this task is not assigned to any user and will need to be assigned separately.
Creates a teams integration mapping by mapping a teams channel to a box item. you need admin or co-admin role to use this endpoint.
Creates a new managed user in an enterprise. this endpoint is only available to users and applications with the right admin permissions.
Deletes an ai agent using the provided parameters.
Creates a shield information barrier to separate individuals/groups within the same firm and prevents confidential information passing between them.
Deletes a folder, either permanently or by moving it to the trash.
Creates a shield information barrier segment.
Adds a new email alias to a user account..
Deletes a file, either permanently or by moving it to the trash. the enterprise settings determine whether the item will be permanently deleted from box or moved to the trash.
Creates a terms of service for a given enterprise and type of user.
Deletes a file request permanently.
Exempts a user from the restrictions set out by the allowed list of domains for collaborations.
Creates a shield information barrier report for a given barrier.
Creates a new empty folder within the specified parent folder.
Deletes a folder lock on a given folder. you must be authenticated as the owner or co-owner of the folder to use this endpoint.
Invites an existing external user to join an enterprise. the existing user can not be part of another enterprise and must already have a box account. once invited, the user will receive an email and are prompted to accept the invitation within the box web application. this method requires the “manage an enterprise” scope enabled for the application, which can be enabled within the developer console.
Permanently deletes a retention policy.
Deletes a shield information barrier segment member based on provided id.
Creates a folder lock on a folder, preventing it from being moved and/or deleted. you must be authenticated as the owner or co-owner of the folder to use this endpoint.
Creates an upload session for a new file.
Delete shield information barrier segment restriction based on provided id.
Sets the status for a terms of service for a user.
Deletes the shield information barrier segment based on provided id.
Creates a new group of users in an enterprise. only users with admin permissions can create new groups.
Creates a copy of a file.
Deletes a slack integration mapping. you need admin or co-admin role to use this endpoint.
Creates a webhook.
Removes an existing user avatar. you cannot reverse this operation.
Creates an upload session for an existing file.
Returns the contents of a zip archive in binary format. this url does not require any form of authentication and could be used in a user’s browser to download the archive to a user’s device. by default, this url is only valid for a few seconds from the creation of the request for this archive. once a download has started it can not be stopped and resumed, instead a new request for a zip archive would need to be created. the url of this endpoint should not be considered as fixed. instead, use the [create zip download](e://post zip downloads) api to request to create a zip archive, and then follow the download url field in the response to this endpoint.
Deletes a teams integration mapping. you need admin or co-admin role to use this endpoint.
Returns the contents of a file in binary format.
Deletes a user. by default this will fail if the user still owns any content. move their owned content first before proceeding, or use the force field to delete the user and their files.
Validates the roles and permissions of the user, and creates asynchronous jobs to terminate the user’s sessions. returns the status for the post request.
Sends an ai request to supported large language models (llms) and returns extracted metadata as a set of key-value pairs. for this request, you either need a metadata template or a list of fields you want to extract. input is either a metadata template or a list of fields to ensure the structure. to learn more about creating templates, see creating metadata templates in the admin console or use the metadata template api.
Validates the roles and permissions of the group, and creates asynchronous jobs to terminate the group’s sessions. returns the status for the post request.
Force the metadata on a folder with a metadata cascade policy to be applied to all of its children. this can be used after creating a new cascade policy to enforce the metadata to be cascaded down to all existing files within that folder.
Creates a new metadata template that can be applied to files and folders.
Finds a metadata template by searching for the id of an instance of the template.
Creates a request to download multiple files and folders as a single zip archive file. this api does not return the archive but instead performs all the checks to ensure that the user has access to all the items, and then returns a download url and a status url that can be used to download the archive. the limit for an archive is either the account’s upload limit or 10,000 files, whichever is met first. note: downloading a large file can be affected by various factors such as distance, network latency, bandwidth, and congestion, as well as packet loss ratio and current server load. for these reasons we recommend that a maximum zip archive total size does not exceed 25gb.
Sends an ai request to supported large language models (llms) and extracts metadata in form of key-value pairs. in this request, both the prompt and the output can be freeform. metadata template setup before sending the request is not required.
Copies an existing file request that is already present on one folder, and applies it to another folder.
Sends an ai request to supported large language models (llms) and returns generated text based on the provided prompt.
Creates a copy of a folder within a destination folder. the original folder will not be changed.
Assigns a retention policy to an item.
Creates a storage policy assignment for an enterprise or user.
Creates a new shield information barrier segment member.
Adds or updates a user avatar.
Adds a classification to a folder by specifying the label of the classification to add. this api can also be called by including the enterprise id in the url explicitly, for example /folders/:id/enterprise 12345/securityclassification-6vmvochwuwo.
Adds a classification to a file by specifying the label of the classification to add. this api can also be called by including the enterprise id in the url explicitly, for example /files/:id//enterprise 12345/securityclassification-6vmvochwuwo.
When an enterprise does not yet have any classifications, this api call initializes the classification template with an initial set of classifications. if an enterprise already has a classification, the template will already exist and instead an api call should be made to add additional classifications.
Assigns a task to a user. a task can be assigned to more than one user by creating multiple assignments.
Authorize a user by sending them through the box website and request their permission to act on their behalf. this is the first step when authenticating a user using oauth 2.0. to request a user’s authorization to use the box apis on their behalf you will need to send a user to the url with this format.
Cancels a sign request.
Creates an ai agent. at least one of the following capabilities must be provided: ask, text gen, extract.
Applies one or more box skills metadata cards to a file.
Change status of shield information barrier with the specified id.
Creates a signature request. this involves preparing a document for signing and sending the signature request to signers.
Creates a shield information barrier segment restriction object.
Applies or update a watermark on a folder.
Applies or update a watermark on a file.
Gets an ai agent using the agent id parameter.
Creates a group membership. only users with admin-level permissions will be able to use this api.
Get the ai agent default config
Fetches details of a specific box sign template.
Retrieves a file that has been moved to the trash. please note that only if the file itself has been moved to the trash can it be retrieved with this api call. if instead one of its parent folders was moved to the trash, only that folder can be inspected using the [get /folders/:id/trash](e://get folders id trash) api. to list all items that have been moved to the trash, please use the get /folders/trash/items api.
Retrieves a shield information barrier report by its id.
Retrieve the watermark for a folder.
Retrieves the classification metadata instance that has been applied to a file. this api can also be called by including the enterprise id in the url explicitly, for example /files/:id//enterprise 12345/securityclassification-6vmvochwuwo.
Fetches a specific terms of service.
The listevents endpoint provides information about the events available in the box system. this options method allows developers to discover the capabilities and requirements for interacting with the /events endpoint. it’s particularly useful for understanding the types of events that can be monitored, the format of event data, and any constraints or limitations on event retrieval. this endpoint should be used when setting up event monitoring or webhook integrations to ensure proper configuration and understanding of the event system. while it doesn’t directly fetch events, it offers crucial metadata for effectively working with box’s event streaming and notification features.
Retrieves a single collaboration.
Gets a sign request by id.
Retrieves the classification metadata instance that has been applied to a folder. this api can also be called by including the enterprise id in the url explicitly, for example /folders/:id/enterprise 12345/securityclassification-6vmvochwuwo.
Returns a list of files under retention for a retention policy assignment.
Returns the status of a user invite.
Returns a domain that has been deemed safe to create collaborations for within the current enterprise.
Retrieve the watermark for a file.
Retrieve a specific metadata cascade policy assigned to a folder.
Retrieves a specific webhook
Retrieves a collection by its id.
Retrieve a list of the past versions for a file. versions are only tracked by box users with premium accounts. to fetch the id of the current version of a file, use the get /file/:id api.
Retrieves the details about a file.
Retrieves a list of pending and active collaborations for a file. this returns all the users that have access to the file or have been invited to the file.
Used to retrieve all generic, global metadata templates available to all enterprises using box.
Retrieves the files and/or folders contained within this collection.
Retrieves information about the user who is currently authenticated. in the case of a client-side authenticated oauth 2.0 application this will be the user who authorized the app. in the case of a jwt, server-side authenticated application this will be the service account that belongs to the application by default. use the as-user header to change who this api call is made on behalf of.
Gets box sign templates created by a user.
Retrieves a list of comments for a file.
List the box skills metadata cards that are attached to a file.
Retrieves the message and metadata for a specific comment, as well as information on the user who created the comment.
Retrieves all collections for a given user. currently, only the favorites collection is supported.
Retrieves the instance of a metadata template that has been applied to a file.
Retrieves the instance of a metadata template that has been applied to a folder. this can not be used on the root folder with id 0.
Retrieves a list of pending and active collaborations for a folder. this returns all the users that have access to the folder or have been invited to the folder.
Retrieves the information about a file request.
this is a beta feature, which means that its availability might be limited. returns all app items the folder is associated with. this includes app items associated with ancestors of the folder. assuming the context user has access to the folder, the type/ids are revealed even if the context user does not have view permission on the app item.
Retrieves folder lock details for a given folder. you must be authenticated as the owner or co-owner of the folder to use this endpoint.
Retrieves all of the groups for a given enterprise. the user must have admin permissions to inspect enterprise’s groups.
Retrieves all file version retentions for the given enterprise. note: file retention api is now deprecated. to get information about files and file versions under retention, see files under retention or file versions under retention endpoints.
Retrieves all metadata for a given file.
Retrieves all the members for a group. only members of this group or users with admin-level permissions will be able to use this api.
Retrieves all the collaborations for a group. the user must have admin permissions to inspect enterprise’s groups. each collaboration object has details on which files or folders the group has access to and with what role.
Retrieves a page of items in a folder. these items can be files, folders, and web links. to request more information about the folder itself, like its size, use the get a folder endpoint instead.
Used to retrieve all metadata templates created to be used specifically within the user’s enterprise
Retrieves information about an individual device pin.
Retrieves a metadata template by its id.
Retrieves a folder that has been moved to the trash. please note that only if the folder itself has been moved to the trash can it be retrieved with this api call. if instead one of its parent folders was moved to the trash, only that folder can be inspected using the [get /folders/:id/trash](e://get folders id trash) api. to list all items that have been moved to the trash, please use the get /folders/trash/items api.
Retrieves all metadata for a given folder. this can not be used on the root folder with id 0.
Returns all defined webhooks for the requesting application. this api only returns webhooks that are applied to files or folders that are owned by the authenticated user. this means that an admin can not see webhooks created by a service account unless the admin has access to those folders, and vice versa.
Returns the download status of a zip archive, allowing an application to inspect the progress of the download as well as the number of items that might have been skipped. this endpoint can only be accessed once the download has started. subsequently this endpoint is valid for 12 hours from the start of the download. the url of this endpoint should not be considered as fixed. instead, use the [create zip download](e://post zip downloads) api to request to create a zip archive, and then follow the status url field in the response to this endpoint.
Retrieves a thumbnail, or smaller image representation, of a file. sizes of 32x32,64x64, 128x128, and 256x256 can be returned in the .png format and sizes of 32x32, 160x160, and 320x320 can be returned in the .jpg format. thumbnails can be generated for the image and video file formats listed [found on our community site][1]. [1]: https://community.box.com/t5/migrating-and-previewing-content/file-types-and-fonts-supported-in-box-content-preview/ta-p/327
Return a list of the chunks uploaded to the upload session so far. the actual endpoint url is returned by the create upload session and get upload session endpoints.
Retrieves all the device pins within an enterprise. the user must have admin privileges, and the application needs the “manage enterprise” scope to make this call.
Returns a list of all retention policy assignments associated with a specified retention policy.
Retrieves all pending collaboration invites for this user.
Retrieves a list of all the metadata cascade policies that are applied to a given folder. this can not be used on the root folder with id 0.
Retrieves a list of shield information barrier objects for the enterprise of jwt.
Retrieves a metadata template by its scope and templatekey values. to find the scope and templatekey for a template, list all templates for an enterprise or globally, or list all templates applied to a file or folder.
Gets signature requests created by a user. if the sign files and/or parent folder are deleted, the signature request will not return in the list.
Retrieves a shield information barrier segment member by its id.
Returns information about the recent items accessed by a user, either in the last 90 days or up to the last 1000 items accessed.
Retrieves all of the retention policies for an enterprise.
Returns information about a file version retention. note: file retention api is now deprecated. to get information about files and file versions under retention, see files under retention or file versions under retention endpoints.
Retrieve a specific version of a file. versions are only tracked for box users with premium accounts.
Lists shield information barrier reports.
Retrieves a list of shield information barrier segment objects for the specified information barrier id.
Lists ai agents based on the provided parameters.
Return information about an upload session. the actual endpoint url is returned by the create upload session endpoint.
Fetches a specific storage policy.
Lists shield information barrier segment restrictions based on provided segment id.
Lists shield information barrier segment members based on provided segment ids.
Returns a list of file versions under retention for a retention policy assignment.
Get shield information barrier based on provided id.
Retrieves shield information barrier segment based on provided id..
Retrieves a retention policy assignment
Fetches a specific storage policy assignment.
Retrieves an image of a the user’s avatar.
Retrieves a shield information barrier segment restriction based on provided id.
Retrieves a retention policy.
Retrieves information about a user in the enterprise. the application and the authenticated user need to have the permission to look up users in the entire enterprise. this endpoint also returns a limited set of information for external users who are collaborated on content owned by the enterprise for authenticated users with the right scopes. in this case, disallowed fields will return null instead.
Returns the list domains that have been deemed safe to create collaborations for within the current enterprise.
Returns a list of all users for the enterprise along with their user id, public name, and login. the application and the authenticated user need to have the permission to look up users in the entire enterprise.
Retrieves information about a task assignment.
Retrieves a specific group membership. only admins of this group or users with admin-level permissions will be able to use this api.
Retrieves details for a folder, including the first 100 entries in the folder. passing sort, direction, offset, and limit parameters in query allows you to manage the list of returned folder items. to fetch more items within the folder, use the get items in a folder endpoint.
Returns a users who has been exempt from the collaboration domain restrictions.
Retrieves information about a specific task.
this is a beta feature, which means that its availability might be limited. returns all app items the file is associated with. this includes app items associated with ancestors of the file. assuming the context user has access to the file, the type/ids are revealed even if the context user does not have view permission on the app item.
Retrieves information about a group. only members of this group or users with admin-level permissions will be able to use this api.
Retrieves the classification metadata template and lists all the classifications available to this enterprise. this api can also be called by including the enterprise id in the url explicitly, for example /metadata templates/enterprise 12345/securityclassification-6vmvochwuwo/schema.
Fetches all the storage policies in the enterprise.
Retrieves all email aliases for a user. the collection does not include the primary login for the user.
Fetches all the storage policy assignment for an enterprise or user.
Retrieves the files and folders that have been moved to the trash. any attribute in the full files or folders objects can be passed in with the fields parameter to retrieve those specific attributes that are not returned by default. this endpoint defaults to use offset-based pagination, yet also supports marker-based pagination using the marker parameter.
Retrieves an overview of users and their status for a terms of service, including whether they have accepted the terms and when.
Retrieves a list of all the tasks for a file. this endpoint does not support pagination.
Lists all of the assignments for a given task.
Deletes a piece of folder metadata.
Deletes a single collaboration.
Removes the watermark from a file.
Removes a user’s exemption from the restrictions set out by the allowed list of domains for collaborations.
Retrieves all the groups for a user. only members of this group or users with admin-level permissions will be able to use this api.
Returns up to a year of past events for a given user or for the entire enterprise. by default this returns events for the authenticated user. to retrieve events for the entire enterprise, set the stream type to admin logs streaming for live monitoring of new events, or admin logs for querying across historical events. the user making the api call will need to have admin privileges, and the application will need to have the scope manage enterprise properties checked.
Lists teams integration mappings in a users’ enterprise. you need admin or co-admin role to use this endpoint.
Lists slack integration mappings in a users’ enterprise. you need admin or co-admin role to use this endpoint.
Removes any classifications from a folder. this api can also be called by including the enterprise id in the url explicitly, for example /folders/:id/enterprise 12345/securityclassification-6vmvochwuwo.
Removes the watermark from a folder.
Restores a folder that has been moved to the trash. an optional new parent id can be provided to restore the folder to in case the original folder has been deleted. during this operation, part of the file tree will be locked, mainly the source folder and all of its descendants, as well as the destination folder. for the duration of the operation, no other move, copy, delete, or restore operation can performed on any of the locked folders.
Returns the current terms of service text and settings for the enterprise.
Updates a file. this can be used to rename or move a file, create a shared link, or lock a file.
Update the message of a comment.
Updates a folder. this can be also be used to move the folder, create shared links, update collaborations, and more.
Updates a specific storage policy assignment.
Deletes a webhook.
Returns list of workflows that act on a given folder id, and have a flow with a trigger type of workflow manual start. you application must be authorized to use the manage box relay application scope within the developer console in to use this endpoint.
Delete a storage policy assignment. deleting a storage policy assignment on a user will have the user inherit the enterprise’s default storage policy. there is a rate limit for calling this endpoint of only twice per user in a 24 hour time frame.
Permanently deletes a comment.
Updates a user’s group membership. only admins of this group or users with admin-level permissions will be able to use this api.
Updates a file request. this can be used to activate or deactivate a file request.
Updates a specific group. only admins of this group or users with admin-level permissions will be able to use this api.
Updates a retention policy.
Permanently deletes a file that is in the trash. this action cannot be undone.
Deletes an individual device pin.
Updates a specific terms of service.
Deletes a specific task assignment.
Updates a slack integration mapping. supports updating the box folder id and options. you need admin or co-admin role to use this endpoint.
Permanently deletes a folder that is in the trash. this action cannot be undone.
Updates a task. this can be used to update a task’s configuration, or to update its completion state.
Updates a teams integration mapping. supports updating the box folder id and options. you need admin or co-admin role to use this endpoint.
Updates a task assignment. this endpoint can be used to update the state of a task assigned to a user.
Removes a domain from the list of domains that have been deemed safe to create collaborations for within the current enterprise.
Updates an ai agent.
Updates a webhook.
Updates the status for a terms of service for a user.
Uploads a small file to box. for file sizes over 50mb we recommend using the chunk upload apis. the attributes part of the body must come before the file part. requests that do not follow this format when uploading the file will receive a http 400 error with a metadata after file contents error code.
Delete a metadata template and its instances. this deletion is permanent and can not be reversed.
Removes an email alias from a user.
Updates a managed or app user in an enterprise. this endpoint is only available to users and applications with the right admin permissions.
Uploads a chunk of a file for an upload session. the actual endpoint url is returned by the create upload session and get upload session endpoints.
Move a file version to the trash. versions are only tracked for box users with premium accounts.
Removes a retention policy assignment applied to content.
Request an access token using either a client-side obtained oauth 2.0 authorization code or a server-side jwt assertion. an access token is a string that enables box to verify that a request belongs to an authorized session. in the normal order of operations you will begin by requesting authentication from the authorize endpoint and box will send you an authorization code. you will then send this code to this endpoint to exchange it for an access token. the returned access token can then be used to make box api calls.
Performs a check to verify that a file will be accepted by box before you upload the entire file.
Update a file’s content. for file sizes over 50mb we recommend using the chunk upload apis. the attributes part of the body must come before the file part. requests that do not follow this format when uploading the file will receive a http 400 error with a metadata after file contents error code.
Resends a signature request email to all outstanding signers.
Permanently deletes a group. only users with admin-level permissions will be able to use this api.
Restores a file that has been moved to the trash. an optional new parent id can be provided to restore the file to in case the original folder has been deleted.
Restores a specific version of a file after it was deleted. don’t use this endpoint to restore box notes, as it works with file formats such as pdf, doc, pptx or similar.
Updates the shield information barrier segment based on provided id..
An alternative method that can be used to overwrite and update all box skill metadata cards on a file.
Revoke an active access token, effectively logging a user out that has been previously authenticated.
Returns a list of users who have been exempt from the collaboration domain restrictions.
Promote a specific version of a file. if previous versions exist, this method can be used to promote one of the older versions to the top of the version history. this creates a new copy of the old version and puts it at the top of the versions history. the file will have the exact same contents as the older version, with the same hash digest, etag, and name as the original. other properties such as comments do not get updated to their former values. don’t use this endpoint to restore box notes, as it works with file formats such as pdf, doc, pptx or similar.
Removes a task from a file.
Deletes a piece of file metadata.
Updates a collaboration. can be used to change the owner of an item, or to accept collaboration invites.
Initiates a flow with a trigger type of workflow manual start. you application must be authorized to use the manage box relay application scope within the developer console.
Refresh an access token using its client id, secret, and refresh token.
Transfers ownership of a specific folder (with id 0) from one user to another in the box cloud storage system. this endpoint should be used when you need to change the owner of a user’s root folder, effectively transferring all of their content to another user. it’s particularly useful in scenarios such as employee offboarding or role transitions within an organization. the operation is irreversible, so it should be used with caution. note that this endpoint specifically targets the folder with id 0, which typically represents a user’s root folder in box.
Deletes a metadata cascade policy.
Removes any classifications from a file. this api can also be called by including the enterprise id in the url explicitly, for example /files/:id//enterprise 12345/securityclassification-6vmvochwuwo.
Deletes a specific group membership. only admins of this group or users with admin-level permissions will be able to use this api.
Abort an upload session and discard all data uploaded. this cannot be reversed. the actual endpoint url is returned by the create upload session and get upload session endpoints.
Removes any box skills cards metadata from a file.
Searches for files, folders, web links, and shared files across the users content or across the entire enterprise.
Create a search using sql-like syntax to return items that match specific metadata. by default, this endpoint returns only the most basic info about the items for which the query matches. to get additional fields for each item, including any of the metadata, use the fields attribute in the query.