Box API Call to Create Metadata Cascade Policy - 404 Error


I am trying to use the API to add a security classification to a folder and then create a metadata cascade policy so that the classification cascades to anything added to that folder. I can add the classification successfully through the API, but I cannot create the metadata cascade policy.

In Postman, my request body to create the metadata cascade policy looks like this:

  "folder_id": "12345678901",
  "scope": "enterprise_XXXXXX",
  "templateKey": "securityClassification-6VMVochwUWo"

But this returns a 404 error. Is there something wrong with my request? Or am I missing a step somewhere else? I’m able to do this successfully through the Box CLI, but not by making API calls through my integration app (which uses OAuth 2.0 w/ Client Credentials Grant (Server Authentication)).

Hi @mlandgrafstl , welcome to the forum!!!

A not found (404) would tell me that the folder is not accessible to that user.

You mention a CCG authentication, however typically Postman is configured to use OAuth, which picks up the security context of a user, while CCG can either be a user or a service account.

I’m wondering if there is some discrepancy in the security context.
Is the security context used on the CLI the exact same as Postman?

Hi @rbarbosa !

This API call is part of a NetSuite script that automatically runs every night, which is why I’m using CCG authentication rather than OAuth for my Box Authentication App. However, I’m authenticating as a specific user (my own user account) when generating the access token, and I am a co-owner on the folder in question.

The CLI goes through a different Box Authentication App that uses OAuth; however, I’m still logging into my account to authenticate it, so I’d think the permissions would be the same.

Hi @mlandgrafstl

So I’ve just done a quick test of creating a metadata cascade policy using using postman:

…and it works…

As you can see the security template id is the same for everyone, and on my postman I’m logged as an administrator using OAuth.

So to test on your side to see if we can figure out where the 404 is coming from, see if you can, using postman, list the contents of the folder, find the security template on the templates list, and get the template details.

  • https://{{}}/2.0/folders/:folder_id/items
  • https://{{}}/2.0/metadata_templates/enterprise
  • https://{{}}/2.0/metadata_templates/:template_id

If the postman user can in fact see the folder, I suspect it may not be able to see the template it self.

Let us know.


@rbarbosa I’ve successfully tested those three endpoints in Postman. They returned the folder items, list of templates, and template details as expected.

Sometimes the 404 response message contains contextual information around. Does the 404 response that you are getting contain any hints?