Select Auth Method
Select Auth Method
The type of authorization your application can use depends on the type of Box Application that you've configured in the developer console.
Learn how to select the application type for your app
Available methods
The following authorization methods are available to each Box Application type.
Box Application Type | Supports OAuth 2.0? | JWT? | App Token? | Developer Token? |
---|---|---|---|---|
Custom App | Yes | Yes | No | Yes |
Limited Access App | No | Yes | Yes | No |
Custom Skill | No | No | No | No |
Client-side OAuth 2.0
Client-side OAuth 2.0 requires the application to redirect end-users to their browser to login to Box and authorize the application to take actions on their behalf.
Learn about client-side authentication with OAuth 2.0
Server-side JWT
This authentication method does not require end-user interaction and, if granted the proper privileges, can be used to act on behalf of any user in an enterprise.
Server-side authentication using JSON Web Tokens (JWT) does not require end-user interaction and, if granted the proper privileges, can be used to act on behalf of any user in an enterprise. You can use a public and private key pair or your client ID and client secret to verify the application's permissions.
Learn about server-side authentication with JWT
Server-side App Tokens
A server-side App Token is an authentication method where the application only has access to read and write data to its own account. This is mainly used by Box View applications. By using this authentication method there is no need to authorize a user as the application is automatically authenticated as the Service Account that belongs to that application.
Learn about server-side authentication with App Tokens
Developer Token
A server-side Developer Token is a short-lived authentication available to developers creating applications that use OAuth 2.0. It is an Access Token that is only valid for 1 hour, and authenticates as the developer who created the token.
Comparison
The following is a quick overview of the key difference between client-side and server-side authentication.
OAuth 2.0 | JWT | App Tokens | Developer Token | |
---|---|---|---|---|
Requires user involvement? | Yes | No | No | Yes |
Requires admin approval? | No | Yes | Yes | No |
Can act on behalf of other users? | Yes | Yes | No | Yes |
Do users see Box? | Yes | No | No | Yes |
Can create App Users? | No | Yes | No | Yes |
Can be used in production? | Yes | Yes | Yes | No |