In an effort to be transparent with our roadmap, we publish changes that we believe will be important to the applications you’ve developed. We will try our best to pinpoint exact dates for future releases, but we will occasionally have to give the best month or quarter estimates for changes that are harder to estimate. While dates are subject to change based on other dependencies, we will communicate updates as soon as possible. This roadmap is intended to discuss changes that may affect current applications and may sometimes exclude new product releases that can not be disclosed before each launch.
Documentation for detailed error messages – Many of you requested more documentation for our error msgs. We ran some analytics, and pulled data from a sample application. It may not have the same API call profile as your application, but it hits a very good representative sampling of the error messages that you will likely need to handle.
OAuth 2 scope updates – We added a new OAuth 2 scope, “manage an enterprise”. Select the “Read and write all files and folders” scope if your application needs to perform operations on files and folders, such as creating, downloading, editing, and deleting files and folders. Select the “Manage an enterprise” scope if your application needs to perform enterprise management, such as creating, editing, and deleting users and groups, viewing admin logs, and creating collaborations for groups. See more information about OAuth 2 here.
V1 API Deprecation – The legacy V1 API has been deprecated. If you haven’t already, we recommend that you migrate to our V2 API, which has tons of new capabilities, and much better performance. If you have any questions or concerns about this deprecation, contact us at firstname.lastname@example.org.
V2 Tags – We’ve added support for an equivalent of the tagging capabilities in our webapp. Lock/Unlock – We’ve added support for locking and unlocking files into the V2 API.
New item permissions – We added a permissions attribute to our folders and files responses. This attribute will only be returned if explicitly requested through the fields URL parameter and will not be returned by default.
As-User added – As-User has replaced the previous On-Behalf-Of functionality. As-User is more robust because it is tied to a static user_id instead of a dynamic email address that may change. On-Behalf-Of functionality will continue to be supported, but we recommend migrating to the As-User header.
OAuth2 changes – Extended AOuth2 refresh tokens to last 60 days. See the blog post for more details
Changes on OAuth 2 login pages – We are making a few minor UI changes on our mobile and desktop OAuth login pages. These changes are on the UI only and will not change how you handle the OAuth flow.
Added collaborations to groups, and groups management APIs – We’ve added a /groups endpoint and a /groups/ID/memberships endpoint, as well as added support in the collaboration creation API calls to collaborate either a user or a group onto a folder.
Additional restricted_to attribute in token response – When requesting an access and refresh token from Box, you will now receive an additional attribute in your response called “restricted_to”. This new attribute is an additive change that we’ve added to start supporting additional scopes within the OAuth 2 token grant process.
Box web application subdomain change – As part of our ongoing commitment to stability, performance, and security, we will be moving our web application from box.com to app.box.com. For example, enterprise and business domains will migrate from https://yourcustomdomain.box.com to https://yourcustomdomain.app.box.com. This should not affect any of your applications and they should continue to function as is. See the FAQ for more details about these changes.
Permissions framework change – We have found a small bug in our permissions framework that we are looking to fix. Previously, co-owners of folders were able to move or delete a collab’d subfolder. Now, co-owners of folders can no longer move or delete collab’d subfolders. You must be a folder owner to move or delete these folders now. If you are trying to move or delete folders as a co-owner, you would now receive a 403 error code now instead of a 200 success code.
has_collaborations – We added an attribute to folder responses called has_collaborations. This attribute will only be returned if explicitly requested through the fields URL parameter and will not be returned by default.
V1 SDKs – Our SDKs built on top of the V1 API are no longer maintained and considered deprecated. Please use one of our V2 SDKs or use the V2 API directly. For reference, the deprecated V1 SDKs are:
comment_count – We added an attribute to folder responses called comment_count. This attribute will only be returned if explicitly requested through the fields URL parameter and will not be returned by default.
version_number – We added an attribute to folder responses called version_number. This attribute will only be returned if explicitly requested through the fields URL parameter and will not be returned by default.