Is it possible to get file ID on the javascript client side after a user (non-logged in) uploaded their file with Upload Embed Widget (https://community.box.com/t5/Sharing-Content-with-Box/Box-Upload-Embed-Widget/ta-p/29008)
If not, what alternatives are there?
The requirements are:
1. user can upload a file without requiring them to log in
2. retrieve the file id or link to the file from javascript client
Any ideas?
Hi ,
Welcome to the Box Community and thanks for your first post in the forum!
The file IDs are displayed in the URL, so for example: https://cloud.app.box.com/notes/384896487495
The file ID is "384896487495" for the above example.
Also, if you have admin privileges, you can use a File & Folder report available within the Admin Console >Reports> File and Folder> to get a full list of files and folders owned by the enterprise (including IDs).
Hope this helps!
Be sure to read our guidelines, Subscribe to content you like, and complete your profile on the community.
Hello hmrazali,
The Upload Embed Widget code that is referenced in the link you provided is non-modifiable as it is coped directly from the webapp and uses an iFrame.
If you wish to capture the File ID created on upload, I suggest using the Content Uploader javascript instead:
https://developer.box.com/docs/box-content-uploader
The content uploader provides events including upload which would have the file ID created from the upload. Using the upload embed widget requires generating a user token in order to render the widget. This is one major between the iFrame code provided in the webapp which does not require a user token to utilize. You can read more about the Content Uploader here: https://developer.box.com/docs/box-content-uploader
My apologies, I should add that I want to grab the file id programmatically with box API after the upload.
My use case is we have a web form and users can upload files to box with the Upload Embed Widget.
When the user hits submit, Javascript will grab the id of the uploaded file and submitted together with the form data.
Is this possible?
I'm testing Content Uploader javascript facing two problems:
1. When I upload as an anonymous user, it gives a 403 forbidden response. I'm looking at the folder settings and I can't figure out how to make uploading file public, but folder view as private.
2. In a production environment, where would I hide the access token? Currently using Developer Token.
Thanks for your help
Hi hmrazali,
1. When I upload as an anonymous user, it gives a 403 forbidden response. I'm looking at the folder settings and I can't figure out how to make uploading file public, but folder view as private.
- When uploading through the Content Uploader, an Access Token is required which means it does not allow for anonymous uploads. Given you want users to be able to upload anonymously, I would suggest using a JWT Authentication Application. When your JWT application is authorized within your enterprise, it will create a new service account for your application in your enterprise for which you can generate tokens and upload content to.
2. In a production environment, where would I hide the access token? Currently using Developer Token.
- We provide a method to Downscope Tokens for use in the browser. A downscoped token can provide access to a specific folder with specific scopes. Limiting the scope of the token visible in the browser limits the users ability to affect the account (i.e. create folders under the account, download files, etc). You can create a downscoped token that only has upload access to the widget. Then when the content uploader is rendered, users will only be able upload to the folder the downscoped token was generated for. This might require building some back end service that your app can make calls to in order to receive the downscoped token in the browser. In this case, your API credentials for generating the token would be stored on your server. We offer a suite of SDKs that can assist with token generation.
You asked about sending the folder ID with your form. If you are able to set the above up so you can receive the folder create event in the browser, you could intercept the folder ID value and add it to your form somewhere perhaps as a hidden field.
Hope this help!
One last question, previously I mentioned anonymous user.
If they are not anonymous but users who have enterprise box account and they have to authenticate via single sign-on in order to access the form, can I get away with not creating a JWT application? Any possible workaround?
Thanks
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
