Skip to main content
The official Box SDKs have built-in support for JWT authentication. This guide will take you through user authentication using JWT with the use of the Box SDKs. JWT authentication is designed for working directly with the Box API without requiring a user to redirect through Box to authorize your application.

Overview

To complete a JWT authorization the following steps need to be completed.
  1. Read the configuration file
  2. Initialize an SDK client
At the end of this flow, the application has a Box SDK client that can be used to make API calls on behalf of the application.
The default method of authentication through JWT is inherently tied to the Service Account for the application. Any API call made with this token will seem to come from this application and will not have access to files and folders from other users without explicitly getting access them.

Prerequisites

Before we can get started, you will need to have completed the following steps.
  • Create a Box Application within the developer console
  • Create and download the private key configuration file for your application and save it as config.json
  • Ensure your Box Application is approved for usage within your enterprise

1. Read JSON configuration

After creating a Box Application there should be a config.json file containing the application’s private key and other details. The following is an example.
config.json
{
  "boxAppSettings": {
    "clientID": "abc...123",
    "clientSecret": "def...234",
    "appAuth": {
      "publicKeyID": "abcd1234",
      "privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\n....\n-----END ENCRYPTED PRIVATE KEY-----\n",
      "passphrase": "ghi...345"
    }
  },
  "enterpriseID": "1234567"
}
To use this object in the application it needs to be read from file. 
var reader = new StreamReader("path/to/config.json");
var json = reader.ReadToEnd();
var config = BoxConfig.CreateFromJsonString(json);
Parsing JSONIn some programming languages there is more than one way to read and parse JSON from a file. Refer to guides on your preferred programming language for more complete guides, including error handling.

2. Initialize SDK client

The next step is to configure the Box SDK with the configuration and then initialize the client to connect as the application. 
var sdk = new BoxJWTAuth(config);
var token = sdk.AdminToken();
BoxClient client = sdk.AdminClient(token);
Service AccountsAt this point the application is authenticated as an application user, not as a managed or app user. Head over to our guide on User Types to learn more about the different types of users.SummaryBy now the application should be able to authorize an application using JWT with any of our official SDKs, by using the following steps.
  1. Read the configuration file
  2. Initialize an SDK client
To learn how to use this client head over to the guide on Making API calls.Using SDKs and JSON Web TokensTo learn more about JWT for each SDK head over to: