> ## Documentation Index
> Fetch the complete documentation index at: https://developer.box.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Setup with Client Credentials Grant
export const MultiRelatedLinks = ({sections = []}) => {
if (!sections || sections.length === 0) {
return null;
}
return
;
};
export const Link = ({href, children, className, ...props}) => {
const localizedHref = href;
return
{children}
;
};
## Prerequisites
To set up a Platform App using server-side authentication, you will need to ensure
you have access to the [Developer Console][devconsole] from your Box enterprise
account. Alternatively, you may sign up for a [developer account][devaccount].
## App creation steps
### Navigate to the Developer Console
Log into Box and go to the [Developer Console][devconsole].
Select **Create Platform App**.
### Select application type
Select **Platform App** from the list of application types. A modal will appear to
prompt a selection for the next step.
### Provide basic application information
To describe your app, provide an app name and description.
Use the drop-down list to select the app's purpose.
Depending on the option chosen, you might
need to specify further details.
| Purpose | Details |
| ------------------------- | ---------------------------------------------------------------------------------------------------- |
| Automation, Custom Portal | Specify if the app is built by a customer or partner. |
| Integration | Specify the integration category, external system name if the app is built by a customer or partner. |
| Other | Specify the app purpose and if it is built by a customer or partner. |
### Select application authentication
Select **Server Authentication (with Client Credentials Grant)**
if you would like to verify
application identity with a client
ID and client secret, and confirm with **Create App**.
Once you make a selection, you will not be able to change to a different
authentication method without creating a new application.
## App Authorization
Before the application can be used, a Box Admin needs to authorize the
application within the Box Admin Console.
Navigate to the **Authorization** tab for your application within the
[Developer Console][devconsole].
Click **Review and Submit** to send an email to your Box enterprise Admin for
approval. More information on this process is available in our
authorization guide.
## Basic configuration
### Application Access
An application's access level determines which users and content your app may
access. By default, an application can only successfully interact with the
content of its Service Account and any App Users. To also
access existing Managed Users of an enterprise, navigate to the
**Application Access** settings accessible via the **Configuration** tab of the
[Developer console][devconsole] and set to **App + Enterprise Access**.
### Application Scopes
An application's scopes determine which endpoints and resources an application
can successfully call. See the scopes guide for detailed information
on each option.
### CORS Domains
If your application makes API calls from front-end browser code in
Javascript, the domain that these calls are made from will need to be
added to an allow-list due to [Cross Origin Resource Sharing][cors],
also known as CORS. If all requests will be made from server-side code,
you may skip this section.
To add the full URI(s) to the allow-list, navigate to the **CORS Domain**
section at the bottom of the **Configuration** tab in the
[Developer console][devconsole].
## Using SDKs and Client Credentials Grant
To learn more about Client Credentials Grant for each SDK head over to:
* [.Net][.Net]
* [Java][Java]
* [Python][Python]
* [Node][Node]
* [IOS][IOS]
[.Net]: https://github.com/box/box-windows-sdk-v2/blob/legacy/docs/authentication.md#server-auth-with-ccg
[Java]: https://github.com/box/box-java-sdk/blob/legacy/doc/authentication.md#client-credentials-grant
[Python]: https://github.com/box/box-python-sdk/blob/legacy/docs/usage/authentication.md#client-credentials-grant
[Node]: https://github.com/box/box-node-sdk/blob/legacy/docs/authentication.md#client-credentials-grant-authentication
[IOS]: https://github.com/box/box-ios-sdk/blob/legacy/BoxSDK/docs/usage/authentication.md#client-credentials-grant
[devconsole]: https://app.box.com/developers/console
[devaccount]: https://account.box.com/signup/n/developer
[cors]: https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
### Provide basic application information
To describe your app, provide an app name and description.
Use the drop-down list to select the app's purpose.
Depending on the option chosen, you might
need to specify further details.
| Purpose | Details |
| ------------------------- | ---------------------------------------------------------------------------------------------------- |
| Automation, Custom Portal | Specify if the app is built by a customer or partner. |
| Integration | Specify the integration category, external system name if the app is built by a customer or partner. |
| Other | Specify the app purpose and if it is built by a customer or partner. |
### Select application authentication
Select **Server Authentication (with Client Credentials Grant)**
if you would like to verify
application identity with a client
ID and client secret, and confirm with **Create App**.
## App Authorization
Before the application can be used, a Box Admin needs to authorize the
application within the Box Admin Console.
Navigate to the **Authorization** tab for your application within the
[Developer Console][devconsole].
Click **Review and Submit** to send an email to your Box enterprise Admin for
approval. More information on this process is available in our
authorization guide.
### Application Scopes
An application's scopes determine which endpoints and resources an application
can successfully call. See the scopes guide for detailed information
on each option.
### CORS Domains
If your application makes API calls from front-end browser code in
Javascript, the domain that these calls are made from will need to be
added to an allow-list due to [Cross Origin Resource Sharing][cors],
also known as CORS. If all requests will be made from server-side code,
you may skip this section.
To add the full URI(s) to the allow-list, navigate to the **CORS Domain**
section at the bottom of the **Configuration** tab in the
[Developer console][devconsole].
## Using SDKs and Client Credentials Grant
To learn more about Client Credentials Grant for each SDK head over to:
* [.Net][.Net]
* [Java][Java]
* [Python][Python]
* [Node][Node]
* [IOS][IOS]
[.Net]: https://github.com/box/box-windows-sdk-v2/blob/legacy/docs/authentication.md#server-auth-with-ccg
[Java]: https://github.com/box/box-java-sdk/blob/legacy/doc/authentication.md#client-credentials-grant
[Python]: https://github.com/box/box-python-sdk/blob/legacy/docs/usage/authentication.md#client-credentials-grant
[Node]: https://github.com/box/box-node-sdk/blob/legacy/docs/authentication.md#client-credentials-grant-authentication
[IOS]: https://github.com/box/box-ios-sdk/blob/legacy/BoxSDK/docs/usage/authentication.md#client-credentials-grant
[devconsole]: https://app.box.com/developers/console
[devaccount]: https://account.box.com/signup/n/developer
[cors]: https://en.wikipedia.org/wiki/Cross-origin_resource_sharing