How to authenticate user coming from File Action

Question

Is there a way to authenticate a user coming from a File Action without requiring ticket-> redirect->token?

Here's the scenario:

1. User adds our web app to their account on Box.com web site
2. User selects a file clicks on "Open with Our App" (File Actions - Popup)
3. Our app receives the parameters for file URL, file auth token, etc.
4. User wishes to add comment to the file from our app

How do we make API call to add comment to file? Throughout the flow above, we do no have a user auth token required for API calls, even though user added the app and interacted with it.

Thanks for the help!

Answer 1

The file auth token parameter you receive from the file action call can be used to make a set_comment call on the file we sent to you.