Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
272 results found
-
API Endpoint to Manage Custom Apps
There are not currently any API endpoints to call for custom apps - ideally there would be the ability to manage scopes, disable/deauthorzie + enable/authorize, delete apps (both server and user auth)
3 votes -
Support for fetching and modifying co-admin permissions.
Support for fetching and modifying co-admin permissions.
Currently, Box allows users to retrieve a user’s role as an attribute via the /users/{user_id} endpoint. The possible role values are “user,” “admin,” and “coadmin.” While permissions for the “user” role can be accessed through this endpoint, the permissions and privileges associated with the “coadmin” role cannot be retrieved or modified through the API. This functionality is, however, accessible through the admin console user interface.
https://support.box.com/hc/en-us/articles/360044194393-Granting-And-Modifying-Co-Admin-Permissions14 votes -
Support for Hubs Management Endpoints via CLI
Available via API endpoints, but support does not yet exist for management via the CLI.
2 votes -
Disable all notifications for an integration/custom app
Rather than having to disable notifications by passing the specific header, we would like to disable notifications for an application completely by using a toggle or application scope.
1 vote -
Add PKCE Support for OAuth2 Applications
Currently, Box requires developers to use a client secret for OAuth 2.0 apps, which in turn requires standing up and maintaining a backend service just to exchange authorization codes securely.
While this is secure, it creates a huge amount of friction for developers who want to build modern, client-side applications such as single-page apps (SPAs) or mobile apps. In many cases, the only reason a backend exists is to hold a secret, nothing else.
If Box supported PKCE (Proof Key for Code Exchange), developers could authenticate directly from the client without needing a backend at all, just as they can…
1 vote -
Allow Custom Domain Email Addresses for Service Accounts and App Users
Service Accounts and App Users are automatically assigned an email address with the @boxdevedition.com domain. This becomes problematic when a company's collaboration settings define internal users by their own corporate domain (e.g., example.com).
Under this configuration, if a shared link's access level is set to "People in your company," the Service Accounts and App Users are treated as external users because their @boxdevedition.com email does not match the company's domain. Consequently, they are blocked from accessing these internal-only links, which hinders automated workflows and API-based processes.
Proposed Solution
Introduce a feature that allows administrators to change the assigned @boxdevedition.com email…1 vote -
Use the API to move a file in one Box folder and add it as a version in another folder.
Use case:
1. Un-retouched ref sits in Box folder
2. New version of file comes in from external retoucher
3. API moves incoming retouched file as version1 vote -
event stream api
Within the Event stream API, have the ability to filter events by folder ID in the “Get Enterprise Events” API call.
In addition, add missing data in Response certain event types such as:
- Folder delete doesn't give file path
- Copy gives item id of source but not name or link
- Rename doesn't give source file path
9 votes -
Get Easy Technique to Import Zimbra Emails to Outlook PST
If you want to import Zimbra emails to PST file format, this is the perfect convert software. Therefore, it is my recommendation that you use a professional program such as the BLR Zimbra emails to PST Exporter software. Without erasing any individual information, this specialized tool safely exports and imports your selected or multiple Zimbra emails to PST file format. Additionally, this program is helpful for individuals with or without technical backgrounds. All Windows OS editions are also supported by this.
1 vote -
Ability to add a parameter to control the visibility of the zoom button when creating expiring embed links
Most of the time, when viewing on mobile, it appears that the zoom button doesn't do much when pressed. Only when zoomed out does it seem to fit the document to the screen. Raymond James would like the ability to disable this when creating expiring embed links.
3 votes -
Custom Access Token TTL
Allow access token duration to be customized. Customer's security team require tokens to have a 15 min lifespan.
6 votes -
Extend the Collaborations Endpoint to Support "Accepted" Status Filter
Proposed Improvement:
Extend the Box API Collaborations Endpoint to Support "Accepted" Status FilterCurrent Endpoint Description:
The current Box API endpoint for retrieving collaborations (GET /collaborations) supports filtering by collaboration status, but it is limited to the status=pending parameter. This allows users to retrieve only pending collaboration invitations for files and folders. The endpoint is documented at:
https://developer.box.com/reference/get-collaborations/#param-statusProposed Enhancement:
Extend the GET /collaborations endpoint to include support for the status=accepted filter, enabling developers to retrieve all active (accepted) collaborations on files and folders owned by a specific Box user. This enhancement would improve the ability to manage and audit…1 vote -
Request to change token_type content when obtaining access token with API
When obtaining an access token for the Box API, the specification returns the value "bearer" with the first "B" in lowercase as the tokentype parameter, but if you set "bearer ${accesstoken}" to the value of the authorization header and execute the Box API, a 400 Bad Request will be returned. If "bearer" is changed to "Bearer", it will be processed correctly.
I would like the obtained token_type value to be "Bearer", which can be processed normally by Box API.Box APIのアクセストークン取得時、tokentypeパラメータとして先頭の"B"が小文字で"bearer"という値が返却される仕様だが、authorizationヘッダーの値に"bearer ${accesstoken}"をセットしてBox APIを実行すると400 Bad Requestとなる。"bearer"を"Bearer"とすると正常に処理される。
取得されるtoken_typeの値を、Box APIで正常処理できる"Bearer"にしてもらいたい。2 votes -
API that can get password change date
The interval at which users are required to change their passwords can be set in the Administration Console, but each user is required on a different day.
We would like to inform users of the next password change date in advance.
You can check the password change date in the user detail report, but it takes time to output it, so if you have an API that can get the password change date, you can create a mechanism to automatically notify it.2 votes -
Check the number of API calls from the developer console of the user who executed the App
Platform report could be used to confirm API calls. But it requires authorities to export.
Display the number of API calls in use for each app in the developer console to check if the number of API calls exceeds the limit.
14 votes -
Granular Security Controls on the Box API
We wish to implement fine-grained security controls on the API which is integrating with our SSPM – at the moment the permissions are Manage and for integration to our SaaS Security Posture Management service we just require Read.
Request is to allow the following the ability to toggle to Read only
1 vote -
Include the contents of hit locations in Search API response like search result in the Web UI
Include the contents of hit locations in Search API response like search result in the Web UI
2 votes -
Enable file move or copy in content explorer UI Elements.
Enable file move or copy in content explorer UI Elements. There is no option to move or copy a files to another folder in UI elements
1 vote -
Allow user to upload file but prevent folder creation
Currently when using content explorer for box. we create ollaboration for user and even downscope the token to limit access. but there is no way where we can allow user to upload file only and prevent folder creation at same location.
1 vote -
Remove Logo on Expiring Embed Link
Hello, we would like the ability to remove the BOX logo when creating an expiring embed link while using the get file information. Just like the embed widget we would like the ability to disable the box logo when embedding an expiring embed link to an iFrame.
It would be a more seamless integration of BOX in the back ground as we are embedding these links into applications2 votes
- Don't see your idea?