Custom App Approval

Custom App Approval

Server authentication applications using JWT or Client Credentials Grant must be authorized by a Box Admin before use.

Unpublished applications using OAuth 2.0 authentication may require enablement by a Box Admin if they are inactive by default.

A Box Admin needs an application's Client ID in order to properly authorize or enable it in the Admin Console.

You can use My Apps view to quickly look up the authorization and enablement status of your application.

Approval Notifications

A semi-automated process to submit an app approval is available in the Developer Console for all custom application types.

Server authentication apps

Navigate to the Authorization tab for your application in the Developer Console.

Authorization tab

User authentication apps

Navigate to the Enablement tab for your application in the Developer Console.

Enablement tab

Submitting the application for approval will send an email to your enterprise's Primary Admin to approve the application. When a Box Admin approves or declines your request, you will get an email with the decision. More information on this process is available in our support article on app authorization.

Manual Approval

The following steps provide instructions on how to manually approve the application.

As a developer

  1. Navigate to the Configuration tab for your application in the Developer Console.
  2. Scroll down to the OAuth 2.0 Credentials section and copy the Client ID value to provide to a Box Admin.

Alternatively, hover over the application in the My Apps view to look up the ClientID and then copy it using the copy button.

Finding a Box Admin

If you don't know your enterprise Admin, go to your Box Account Settings page and scroll to the bottom. If an admin contact is set you should see their contact information under "Admin Contact".

As an Admin

  1. Navigate to the Admin Console and select the Apps tab (1) from the left navigation panel.
  2. Click the Custom Apps Manager tab (2) at the top of your screen.
  3. For both Server and User Authentication Apps screens, click the Add App (3) button in the top right corner to add a new app.
  4. Alternatively, you can use the Custom Apps Manager table menu (4) to authorize and enable apps.

Server Authentication Apps

Server Apps tab

User Authentication Apps

User Apps tab

In the popup that appears, enter the client ID for the application that the developer collected from the Configuration tab of the Developer Console.

Re-authorization on changes

When the application's scopes or access level change the application needs to be re-authorized. Repeat the process above and request a new Access Token for the new changes to take effect.

In the same section where the application was initially authorized, an Admin can re-authorize the application by clicking on the ellipses to the right of the application name to Reauthorize App.

Re-authorize app