Box Platform is an open development platform from Box that allows you to take advantage of Box's secure cloud storage and content management capabilities in your applications with a suite of easy to use APIs. One of the ways developers can use the Box Platform APIs is to white-label functionality from the Box web and mobile applications in another software application.
In order to utilize the Box Platform APIs in your application, you will need to create an application, authenticate the application's Service Account to Box and then, if appropriate, provision Box user accounts (known as App Users) that map to users of your application.
Service Account: a user-based representation of your application within a Box Enterprise (EID). A Service Account is created whenever a new application is created in the Box Developer Console and, once authenticated, can make API calls to Box, either on behalf of your application or on behalf of your application's end users.
Authentication with OAuth 2.0 and JWT: an authentication method that allows an application's Service Account to authenticate to Box server's using a JSON Web Token (JWT) grant and RSA keypair. This type of authentication replaces the first leg of the standard 3-legged OAuth process, in which an end user grants an application permission to access the user’s Box account. Using authentication with OAuth2.0 and JWT (1) allows an application's Service Account to make server-side API calls to Box and (2) removes the friction of multiple logins for your users with App Users.
App Users: a type of Box account that can only access Box content services through the API. App Users are similar to Managed User (or Box user) accounts, but they do not log in using Box user credentials. Instead, an application's Service Account creates and manages an App User’s account on their behalf, and the end user does not directly interact with Box.
In the standard Box integration, applications integrate directly with pre-existing Box accounts, granting access to user-specific content; however, these accounts remain owned by the end-user and their associated enterprise. With App Auth and App Users, developers have access to all of the functionality of Box’s Content API while also owning the user authentication, user accounts, and content associated with their application.