Custom App Approval
Custom App Approval
Server authentication applications using JWT or Client Credentials Grant must be authorized by a Box Admin before use.
User authentication applications using OAuth 2.0 may need to be enabled by a Box Admin depending on the unpublished apps setting.
A Box Admin needs an application's Client ID in order to properly authorize or enable it in the Admin Console.
A semi-automated process to submit an app approval is available in the Developer Console for all custom application types.
Server authentication apps
Navigate to the Authorization tab for your application in the Developer Console.
User authentication apps
Navigate to the Enablement tab for your application in the Developer Console.
Submitting the application for approval will send an email to your enterprise's Primary Admin to approve the application. When a Box Admin approves or declines your request, you will get an email with the decision. More information on this process is available in our support article on app authorization.
The following steps provide instructions on how to manually approve the application.
As a developer
- Navigate to the Configuration tab for your application in the Developer Console.
- Scroll down to the OAuth 2.0 Credentials section and copy the Client ID value to provide to a Box Admin.
As an Admin
- Navigate to the Admin Console and select the Apps tab (1) from the left navigation panel.
- Click the Custom Apps Manager tab (2) at the top of your screen.
- For both Server and User Authentication Apps screens, click the Add App (3) button in the top right corner to add a new app.
- Alternatively, you can use the Custom Apps Manager table menu (4) to authorize and enable apps.
Server Authentication Apps
User Authentication Apps
In the popup that appears, enter the client ID for the application that the developer collected from the Configuration tab of the Developer Console.
Re-authorization on changes
When the application's scopes or access level change the application needs to be re-authorized. Repeat the process above and request a new Access Token for the new changes to take effect.
In the same section where the application was initially authorized, an Admin can re-authorize the application by clicking on the ellipses to the right of the application name to Reauthorize App.