Session Revocation — Box
Session Revocation — Box
Challenge terminates Box user sessions asynchronously via the Box Admin API.
Credentials
- Create a Box custom app or use a service account with enterprise user management permissions.
- Authorize
Manage users/ session termination scopes for your enterprise. - Paste a Box access token into Challenge under Integrations → Session Revocation → Box.
API calls Challenge makes
| Step | Method | Endpoint |
|---|---|---|
| Lookup | GET | https://api.box.com/2.0/users?filter_term={email} |
| Revoke | POST | https://api.box.com/2.0/users/terminate_sessions |
Revoke returns 202 Accepted — Box processes session termination asynchronously (check Box admin events for job status).
Username format
Use the user’s Box login email.
Troubleshooting
| Symptom | Check |
|---|---|
user_not_found | Login does not match exactly |
http_403 | Token lacks enterprise user admin permissions |
| Revoke accepted but user still active | Box terminates asynchronously; allow a short delay |