14 changes: 7 additions & 7 deletions content/guides/api-calls/permissions-and-errors/scopes.md
Expand Up @@ -34,25 +34,25 @@ together, see our [security guide][security].
## Scopes & OAuth 2 authorization

When sending a user through a client-side OAuth 2 flow to authorize your
application it is possible to append a set of scopes to the authorization URL to
application, it is possible to append a set of scopes to the authorization URL to
further restrict the user's access token.

For example, if you application has the `root_readonly` and `root_readwrite`
For example, if your application has the `root_readonly` and `root_readwrite`
scopes enabled, it is possible to restrict a user's access token to
`root_readonly` by specifying this scope when redirecting the user.

```js
GET https://account.box.com/api/oauth2/authorize?scope=root_readonly&client_id=....
```

When the scope parameter is omitted the application will use the scopes that
When the scope parameter is omitted, the application will use the scopes that
were set when the application was created.

## Self-service scopes

These scopes are available through the Developer Console when configuring an
application. Navigate to the **Application Scopes** section of the
**Configuration** tab and select one or more of the following scope.
**Configuration** tab and select one or more of the following scopes.

### Read all files and folders
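Review bot: the fence around the authorize request in "Scopes & OAuth 2 authorization" is tagged `js`, but its content is an HTTP request line (`GET https://account.box.com/api/oauth2/authorize?...`), not JavaScript; since this PR already touches the sentences on either side, retag the fence to match its content or drop the tag. The paragraph above it also says "a set of scopes" can be appended, while the example passes only `scope=root_readonly`, so a reader who wants to restrict a token to more than one scope has no indication of how to delimit them. An example with two scopes would close that gap.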

Expand Down Expand Up @@ -160,7 +160,7 @@ application to edit and delete device pins.

<Message type='notice'>
Although this allows an application to enterprise properties, for client-side
applications, the Access Token used must must be associated with an
applications, the Access Token used must be associated with an
Admin Co-Admin with the correct permissions.
</Message>
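Review bot: the notice still has two defects on the unchanged lines around the "must must" fix: "allows an application to enterprise properties" is missing its verb, and "Admin Co-Admin" is missing a conjunction or separator between the two roles. Both affect what the reader understands about which account the Access Token must belong to, so they are worth fixing in the same pass.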

Expand Down Expand Up @@ -282,7 +282,7 @@ For this reason, this scope will not be provisioned unless absolutely necessary.

## Scopes for downscoping

In some cases an Access Token needs to be [downscoped][ds] to a more strict
In some cases, an Access Token needs to be [downscoped][ds] to a more strict
permission level, especially when a token needs to be exposed to a client-side,
public environment like a browser. The primary example for this is when using
[Box UI Elements][ui-elements], which require an Access Token in the user's
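Review bot: style point on the changed sentence: "a more strict permission level" would read better as "a stricter permission level", and it can be fixed alongside the added comma.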
Expand Down Expand Up @@ -342,4 +342,4 @@ The standard OAuth scopes are also supported when downscoping.
[suppress]: g://api-calls/suppress-notifications
[ds]: g://authentication/tokens/downscope
[sa]: page://platform/user-types/#service-account
[ca]: [https://support.box.com/hc/en-us/articles/1500005433721-Users-Groups-Settings#h_01GSE1DYJKTY9EXEWJEDKFHCNV]
[ca]: [https://support.box.com/hc/en-us/articles/1500005433721-Users-Groups-Settings#h_01GSE1DYJKTY9EXEWJEDKFHCNV]
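Review bot: the `[ca]` definition keeps its URL wrapped in square brackets (`[ca]: [https://support.box.com/...]`), unlike `[suppress]`, `[ds]` and `[sa]` above it, which give the target bare; the brackets look unintended and are likely to end up as part of the link target. The old and new lines also appear identical here, so if this is only a whitespace or end-of-file newline change, use the opportunity to drop the brackets and confirm the link resolves.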