Ubable to create folder using box api

https://api.box.com/2.0/folders , using this api I passed the access token (bearer) unable to create a folder
Json body :

       "name": "New Folder",
       "parent": {
         "id": "0"
    "type": "error",
    "status": 404,
    "code": "not_found",
    "context_info": {
        "errors": [
                "reason": "invalid_parameter",
                "name": "parent",
                "message": "Invalid value '0'. 'parent' with value '0' not found"
    "help_url": "http://developers.box.com/docs/#errors",
    "message": "Not Found",
    "request_id": "lg7h2vhj99q0o3yb"

Welcome to the Forum, @qaAperture :grinning:

Folder 0 matches with the root folder.
Here, we get a 404 not found error, because we don’t know who the folder belongs to.

As explained here (https://developer.box.com/reference/post-folders/): the 404 is returned :

when the authenticated user does not have access to the parent folder

According to our logs, the user making the call is not authentified. You need to authenticate the user first.
Once the user is authenticated, the root folder will be found.

Hi @CodeBoxSeb
To authenticate the user I created an app from dev console , and using its client id and client secret and grant_type as client_credentials I created an bearer token . Is this what you meant by call is not authentified. If not then how to authenticate the user first.

According to the Request ID you provided, we receive user_id=2

So it means that the user is not identified properly, because the user id can’t be 2 for sure.
Beside this, it seems the API key used is a OAuth 2.0 app, and not a client credentials.

You should check the API key used and the user ID.

Hi @qaAperture

Just to clarify, you would get an access token using a CCG application in a way similar to this, assuming I’m trying to access as a user:

curl --location 'https://api.box.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=h5...qi' \
--data-urlencode 'client_secret=Tq...38' \
--data-urlencode 'box_subject_type=user' \
--data-urlencode 'box_subject_id=18622116055'

This returns an access token:

    "access_token": "pX...y",
    "expires_in": 3970,
    "restricted_to": [],
    "token_type": "bearer"

With that access token I can make requests:

curl --location 'https://api.box.com/2.0/folders/0?fields=id%2Ctype%2Cname' \
--header 'Authorization: Bearer pX...uy' \

Resulting in:

    "type": "folder",
    "id": "0",
    "etag": null,
    "name": "All Files"

This access token is valid for 60 minutes.

Now, I’m not sure what tools or tech stack you are using, but I’m thinking it would be easier if you use our Postman Advanced Collection, or if you are coding, perhaps one of our SDK’s.

Let us know if this helps.