Garrett Flora

My feedback

5 results found

  1. 17 votes
    How important is this to you?
    Garrett Flora supported this idea  · 
  2. 15 votes
    How important is this to you?
    Garrett Flora supported this idea  · 
  3. 5 votes
    How important is this to you?
    Garrett Flora supported this idea  · 
  4. 9 votes
    How important is this to you?
    Garrett Flora supported this idea  · 
  5. 17 votes
    How important is this to you?
    Garrett Flora supported this idea  · 
    An error occurred while saving the comment
    Garrett Flora commented  · 

    We have a use case at the University of Arizona that requires the Workflow API to:
    1. Allow a service account to create a workflow and/or allow a user to create and share a workflow with a service account.
    2. Allow a service account to start any workflow that it owns, or co-owns.

    The API currently allows a service account to access the 'Starts workflow based on request body' (https://developer.box.com/reference/post-workflows-id-start/) endpoint. but doesn't allow a service account to own, or co-own, a workflow, which prevents the service account from utilizing said endpoint. Using the as-user header and/or user access token provides too broad of a level of access for a service account, representing a security hole, as it can kick off workflows owned by anybody in our enterprise.

Feedback and Knowledge Base