I believe you need to make sure the user authenticating against the API key is the main Box admin (not a co-admin) so you can use as-user. That allows you to make API calls as a managed user so you can access all the content owned by your Box enterprise.
Thanks for your answer. Since it seems our API requests sometimes hit the rate limit, we might missed some contents. We will carefully check the content in our splunk instance, and get back here, if we have further questions.
Thank again for your kind answer for my question.