Box Platform provides rich content services to create secure, enterprise-ready web and mobile applications with engaging experiences for end-users. Developers can use Box Platform to embed Box's content services in their own applications.
- Authentication with JWT: Box’s authentication feature allows your application to authenticate directly to Box using a JSON Web Token (JWT) grant and RSA keypair. This authentication replaces the first leg of the standard 3-legged OAuth process in which a user grants an application permission to access the user’s Box account, removing the friction of multiple logins and services for your users.
- App Users: a type of full-featured enterprise Box account that belongs to your application, but not a Box end-user. Unlike typical Box accounts, these accounts do not have an associated login and can only be accessed through the Box Content API by the controlling application and associated Box user id. This new user model allows the application to take advantage of groups, permissions, collaborations, comments, tasks, and the many other features offered by the Box platform.
In the standard Box integration, applications integrate directly with pre-existing Box accounts, granting access to user-specific content; however, these accounts remain owned by the end-user and their associated enterprise. With App Auth and App Users, developers have access to all of the functionality of Box’s Content API while also owning the user authentication, user accounts, and content associated with their application.