Garrett Flora
My feedback
5 results found
-
17 votesGarrett Flora supported this idea ·
-
15 votesGarrett Flora supported this idea ·
-
5 votesGarrett Flora supported this idea ·
-
9 votesGarrett Flora supported this idea ·
-
17 votesGarrett Flora supported this idea ·
An error occurred while saving the comment
We have a use case at the University of Arizona that requires the Workflow API to:
1. Allow a service account to create a workflow and/or allow a user to create and share a workflow with a service account.
2. Allow a service account to start any workflow that it owns, or co-owns.
The API currently allows a service account to access the 'Starts workflow based on request body' (https://developer.box.com/reference/post-workflows-id-start/) endpoint. but doesn't allow a service account to own, or co-own, a workflow, which prevents the service account from utilizing said endpoint. Using the as-user header and/or user access token provides too broad of a level of access for a service account, representing a security hole, as it can kick off workflows owned by anybody in our enterprise.