Folder Lock API: Always receiving 404 "not_found" for folder ID

I’m trying to build some features using the Folder Lock API: https://developer.box.com/reference/post-folder-locks/.

However, when I try to do a simple curl POST command to lock a folder, I always receive a 404 “not_found” regardless of the folder I pass to it. The GET command works fine and obviously returns an empty array since I haven’t successfully locked a folder yet, but I know the endpoint and my access token works fine.

Are there other exceptions to this feature that aren’t documented? I have ensured I am the sole owner of the folder (no co-owners), but it has been shared with others a Editors.

For added detail, I am using the Oauth 2.0 method for access.

Any help/guidance on locking folders via the API would be much appreciated!

Hi @aaron. Do you get the full error message in response to your curl call?

Example:

{
  "type": "error",
  "status": 404,
  "code": "not_found",
  "help_url": "http://developers.box.com/docs/#errors",
  "message": "Authorization Failed",
  "request_id": "0c542d24b7e5d4529f46074f93eb65e0"
}

Yes, I do.

{
  "type":"error",
  "status":404,
  "code":"not_found",
  "help_url":"http://developers.box.com/docs/#errors",
  "message":"Authorization Failed",
  "request_id":"0de3761e24d71e887e31fcadf078919c8"
}

I’ve ensured that via Oauth 2.0, I am authenticated with the same user ID that owns the folder by using the /users/me and the /folders/{folder_id} endpoints as well. I’m not sure if it’s odd or not that I can successfully get folder lock info via GET and the URL query ?folder_id= but not POST with the JSON body.

Interesting. I tried this on my test system with postman and it worked ok:

POST {{baseUrl}}/folder_locks

Body

{
  "folder": {
    "type": "folder",
    "id": "{{folder_id}}"
  },
  "locked_operations": {
    "move": true,
    "delete": true
  }
}

Response:

{
    "folder": {
        "type": "folder",
        "id": "163944286342",
        "sequence_id": "0",
        "etag": "0",
        "name": "test folder"
    },
    "id": "2805613200",
    "type": "folder_lock",
    "created_by": {
        "id": "19498290761",
        "type": "user"
    },
    "created_at": "2023-06-23T17:48:16Z",
    "lock_type": "freeze",
    "locked_operations": {
        "move": true,
        "delete": true
    }
}

Can you share the curl command you are using (minus any sensitive data, of course)

Sure thing, I’m just running the curl from my terminal after copy/pasting the access token from my app.

curl -i -X POST "https://api.box.com/2.0/folder_locks" \
     -H "Authorization: Bearer <ACCESS_TOKEN>" \
     -H "Content-Type: application/json" \
     -d '{
       "folder": {
         "type": "folder",
         "id": "{{folder_id}}"
       },
       "locked_operations": {
         "move": true,
         "delete": true
       }
     }'

Pretty much exactly what the example docs show.

hmm… that worked for me, as well. And you are using curl to get a bearer token with OAuth 2 and then using that token for <ACCESS_TOKEN> above?

Correct. I’m also on an enterprise box account. I’m not sure if that would effect it? I don’t have admin access but I didn’t see anything about needing it for folder locking, just folder ownership.

The access token has worked for pretty much every other API endpoint I’ve tried, except this one.

Update: I tried using the developer token instead, and the folder successfully locked. So it does seem like an issue with my Oauth access token.

hmmm, maybe a missing scope. What do the scopes look like in your app in the developer console?

Screenshot 2023-06-23 at 2.42.45 PM2892×1172 241 KB

It was indeed missing a scope!

I had added write access earlier but didn’t re-sign in to authenticate. I was still using the same access token(s) from refreshing the token.

I deleted the access token and refresh token from my application and signed in again and the locking now works!

Thank you for your quick responses and assistance!

Great news! Happy coding, my friend!