Alternatives to Webdav

Hi Rui ,
We are having company account with Box site, where were using
Webdev (using curl ) to upload files to Box site .
“*/opt/bin/curl -vsiS -n -T*/
so from 5 years we have been uploading files to site.Now we came to know that webdev is being depricated .And it is no longer working.

Could you please suggest how can we move forward with this.
AFter going through developer documents i found the similar kind of things related to curl .

curl -X POST
-*H ‘Authorization: Bearer DEVTOKEN’ *
-H “Content-Type: multipart/form-data”
-F attributes=‘{“name”:“Photo.jpg”, “parent”:{“id”:“121466666995”}}’
-F file=@Photo.jpg

How can we get Authorization parameter for already created application .
Thanks in advance

Hi @user163 , welcome to forum!

I’ve moved your post into this new topic.

To your question, that depends on the authorization type of your app. Are you using OAuth, CCG or JWT?

Also help us understand where you want to use this? From the curl example it looks like you will be calling this from inside a script, and I was wondering if the Box CLI could be better suited.

Let us know.

Hi @rbarbosa
thanks for replying .I need to go through all the other types.
yes you are right, we were using inside the script.
and that time authentication was : username and password
that is stored in .netrc file in Unix.
code was like “curl -vsiS -n -T >>$response_log 2>&1”
Do you think we can do similar things with Box CLI as well.
And can we upload files using Box CLI too .What will be the url in this case ?
sorry for asking naive questions i am new to this.

Hi @user163

In that case I think 2 options are available, any of them imply the need to create a Client Credential Grant (CCG) application.

Option 1: Using the Box CLI
If you can install the Box CLI in the environment from where you do the upload, then you can use it in the script as a normal command, and with the CCG authentication it takes care of getting the access token for you. In other words you should be able to use a one line command for the upload after all the configs are set.

Check out this page on how to configure Box CLI to authenticate using CCG, and this one for uploading files.

Option 2: Using cURL
You can still use cURL, but you would need to get the access token first, and from there use it as a Bearer token for the upload command.
Since the access token will be valid for 60 minutes you probably want to revoke the token immediately after.
All in all this would be about 3 cURL command, to get the access token, to do the upload and then the revoke.

A final note that from a permissions perspective, the service user must be able to access the destination folder. So you’ll need to share that folder with the service account user associated with the application.

Let us know if this helps


Hi @rbarbosa
yes it was great help.
although i will go through first option as well.But still can we get more info or examples or any video for the 2nd option you mentioned with cURL.
In this 2nd option scenario what will be the URL.
and how can we get access token and bearer do we have to install configuration for that .

Thanks a lot

I don’t have a video handy, but I can paste some cURL examples.

To get the access token:

curl --location '' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=<MYCLIENTID>' \
--data-urlencode 'client_secret=<MYCLIENTSECRET>' \
--data-urlencode 'box_subject_type=enterprise' \
--data-urlencode 'box_subject_id=<MYENTERPRISEID>'

Resulting in:

    "access_token": "<MYACCESSTOKEN>",
    "expires_in": 4245,
    "restricted_to": [],
    "token_type": "bearer"

Use the above access token as the bearer token on the upload cURL, in my case to the root folder:

curl --location '' \
--header 'Content-Type: multipart/form-data' \
--header 'Authorization: Bearer <MYACCESSTOKEN>' \
--form 'attributes="{
  \"name\": \"box_dev_a.png\",
  \"parent\": {
    \"id\": \"0\"
}"' \
--form 'file=@"/Users/rbarbosa/Downloads/box_dev_a.png"'


    "total_count": 1,
    "entries": [
            "type": "file",
            "id": "1409474185839",
            "etag": "0",
            "name": "box_dev_a.png"

Revoking the access token:

curl --location '' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<MYCLIENTID>' \
--data-urlencode 'client_secret=<MYCLIENTSECRET>' \
--data-urlencode 'token=<MYACCESSTOKEN>'

No data is returned, just a 200 ok HTTP result code

Hi @rbarbosa

as you can see there is no authorization tab. so how can i authorize for the app .and get the access token. is it because we are having “Personal Pro” account.
Please guide in this


That explains a lot, I should have started with that question.

It seems your are using a free account, and in free accounts you can’t access the administration console and authorize applications.

You need to have an application configured to use OAuth 2.0 authentication.

Although OAuth does require manual intervention for the first use, as long as your app is used at least once every 60 days, it is suitable for scripting and Box CLI.


HI @rbarbosa
I think our company has been using : Personal Pro (type) and also it does not look like it is free one.

At the same time my company manager would like to discuss this issue with your team
on this .so that you can suggest appropriately. we are wasting so much time daily posting these things :slight_smile:
Please suggest how the communication can be done.
eagerly waiting for your reply.

Thanks & Regards
Animesh A S

Hi Animesh,

Thanks for clarifying that.

I mentioned the free accounts, because they are popular with developers trying out the API, and they get stuck in the same use case you mentioned.

That does not seem to be the case.

Since I am not qualified to discuss anything commercial or contract related, please do reach out to your box account manager, if you have one, or box sales directly. They will be able understand your requirements and match your needs with the proper tier.

From my side all I can offer is a workaround and suggest you use OAuth or Box CLI, with the limitation I’ve mentioned.

Hopefully your company can still find value in using box.

Best regards

Thanks @rbarbosa sure ll try to reach out Box sales team for that

HI @rbarbosa Preformatted text
On your suggestion we were in meetings and mails with sales team.(Sarah, Scott,Sloane).
And our only doubt was that :
" Please let us know whether Business Plan will support diff authentication methods (OAuth,Json web token ,CCG and App Auth Token ).We are more interested with Box CLI with CCG along with Pricing Details and after upgrading can we get help from support if needed "
And we had not recieved any answer from team. Could you provide the help on this.

Hello! I pinged your account team - They should be reaching out to you very soon. Appologies on the delay.

HI @rbarbosa we are also looking into finding multiple ways to upload/transfer files.
Could you please suggest is there any tutorial/document for uploading/transfer files from
GCP Buckets to Box server

Not sure if this is what you mean, but we do have some articles and guides around upload.

Check these out:

Let us know if this helps