# Box Platform

This section contains 15 documentation items covering page.

## Untitled

*Type: page | Category: Learn Box Platform
*

Authentication Methods Box offers a variety of authentication methods for application development,
each tailored to different use cases and…

# Authentication Methods

Box offers a variety of authentication methods for application development,
each tailored to different use cases and application types. Regardless of the
authentication method used, underlying principles still apply. If a user does
not have access to content on the front end of the main Box web app, they will
not be able to access the content using the API, unless they are impersonating
another user. Some API endpoints require admin level privileges - like events.
The following authorization methods are available to each Box application type.

| Box Application Type | Supports OAuth 2.0? | JWT? | Client Credentials? | App Token? |
| --- | --- | --- | --- | --- |
| Platform App | Yes | Yes | Yes | No |
| Limited Access App | No | Yes | No | Yes |
| Custom Skill | No | No | No | No |

## OAuth 2.0

[OAuth 2.0](g://authentication/oauth2) is a client-side authentication method, widely used for its
simplicity in authorizing users to Box API. It's an open standard that allows
users to grant applications access to their data in other applications. Similar
to how logging in to a website with Twitter, Facebook, or Google works, Box's
client-side authentication involves redirecting a user from an app to the Box
web app, where they log in and grant the app access to their data. For example,
We use this
auth type for users logging into our community forum.

# When to use OAuth 2.0?

Client-side authentication is the ideal authentication method for apps that:

- Work with users who have existing Box accounts

- Use Box for identity management, so users know they are using Box

- Store data within each user account vs within an application's Service Account

You can find a great Python OAuth 2.0 tutorial on [GitHub](https://github.com/box-community/box-python-oauth-template).

## JSON Web Token (JWT)

JSON Web Tokens (JWT) is the most common server-side authentication method for
the Box API. [JWT](g://authentication/jwt), an open standard, enables robust server-to-server
authentication. This method, exclusive to Platform Apps, does not involve
end-user interaction. It allows an app, if granted appropriate privileges, to
act on behalf of any user in an enterprise, thus facilitating powerful and
seamless integrations. Upon approval by an administrator, a JWT application
will get assigned a service account to make API calls as by default.

# When to use JWT?

Server-side authentication with JWT is the ideal authentication method for apps
that:

- Work with users without Box accounts

- Use their own identity system

- Do not want users to know they are using Box

- Store data within the application's Service Account and not a user's account

- Want to manage public and private key pairs

You can find a great Node JWT tutorial on [Medium](https://medium.com/box-developer-blog/authenticate-box-node-js-sdk-with-jwt-47fdd3aeec50).

## Client Credentials Grant (CCG)

The [Client Credentials Grant](g://authentication/client-credentials) approach is used for server authentication,
verifying an application's identity using a client ID and secret. It's a secure
way of identifying an app when obtaining an Access Token. This method is
particularly useful for scenarios requiring server-to-server interactions
without user involvement. Depending on the application's configuration, it can
authenticate as either the application's Service Account or as a Managed User.
Upon approval by an administrator, a CCG application
will get assigned a service account to make API calls as by default.

# When to use CCG?

Server-side authentication with JWT is the ideal authentication method for apps
that:

- Work with users without Box accounts

- Use their own identity system

- Do not want users to know they are using Box

- Store data within the application's Service Account and not a user's account

- Do not want to manage public and private key pairs

You can find a great Python CCG tutorial on [Medium](https://medium.com/box-developer-blog/box-python-next-gen-sdk-getting-started-with-ccg-81be0abc82d9).

## App Token Auth

[App Token Auth](g://authentication/app-token)is another server-side authentication option, utilizing
fixed,
long-lived Access Tokens that are restricted to the application's Service
Account. This method is ideal for applications leveraging Box View and is
designed for scenarios where the app only needs access to read and write data
to its own account. By using App Token Auth, there's no need for end-user
authorization, as the application automatically authenticates as the Service
Account associated with it. It also is restricted to a subset of
API [endpoints](g://authentication/app-token/endpoints).

# When to use App Token Auth?

Server-side authentication with App Tokens is the ideal authentication method
for apps that:

- Work in an environment that either has no user model, or has users without Box accounts

- Use their own identity management system

- Do not want users to know they are using Box

- Store data within the application's Service Account and not a user's account

## Box Skills

[Box Skills](g://skills/handle/payload/#access-tokens) are a unique application type used for custom processing of
files uploaded to Box. It uses third-party Machine Learning services to extract
information from files and apply it as metadata. Authentication for Custom
Skills is streamlined with pre-authorized API credentials provided with each
Skill Event, though this limits the API access. Custom Skills don't require a
specific authentication type selection, focusing on simplicity and direct
integration with Box's capabilities.

# When to use Box Skills?

Webhook based authentication with Box Skills is the ideal authentication
method for apps that:

- Work in third party machine learning environments

- Potentially want users to know they are using Box

- Achieve an end goal in tandem with other processes

- Only want to process files that trigger the Box Skill

You can find a great Box Skills tutorial on [Medium](https://medium.com/box-developer-blog/box-skills-ibm-watson-speech-to-text-tutorial-b7e3b3c0a8c7).

## Scopes

When an application is created in the Developer Console, the user must configure
application scopes. Similar to how users have permissions to access files and
folders within Box, applications have their own set of permissions to
perform certain actions on behalf of a Box user or a Box enterprise. The name
for a set of permissions for an application is a "scope". In short, an
application's scopes determine which [endpoints](page://reference) an application can
successfully call and are reflected in the access provided by
[Access Tokens](g://authentication/tokens) of the application.

### User permissions and scopes

It is important to understand that even if an application has the right scopes
to perform an action, the user associated with the Access Token making the call
needs to have permission to perform the action as well and vice versa.
For example, if your application is set up to read files, the
authenticated user does need to have permission to read the file you are
trying to access.
To learn more about how scopes, token permissions, and user permissions work
together, see our [security guide](g://security).

Next step


**Reference:** https://developer.box.com/platform/authentication-methods/

---

## Untitled

*Type: page | Category: Learn Box Platform
*

Box Platform 101 What is Box Box is a cloud-based content management
and file sharing platform that enables
individuals and businesses to…

# Box Platform 101

## What is Box

[Box](https://www.box.com) is a cloud-based content management
and file sharing platform that enables
individuals and businesses to store, access, and collaborate on documents and
files from anywhere. It offers features like secure file storage, real-time
collaboration, and integrations with various productivity tools, enhancing team
efficiency and data accessibility. Known for its focus on security and
user-friendly interface, Box is widely used for managing digital assets and
fostering collaboration within organizations.

## What is Box Platform

[Box Platform](https://www.box.com/platform) is a set of tools and APIs offered by Box that
allows developers to integrate and
customize the capabilities of the Box cloud content
management system into their own applications and services. It enables
businesses and developers to build
secure and scalable content-centric applications,
leveraging features like file storage, sharing, and collaboration while
maintaining control over data and access. With Box Platform, developers can
create tailored solutions that enhance productivity and streamline content
management workflows.

## How do I make applications

In order to use the [Box API](page://reference), you first have to create an application in
Box. This application serves as the gateway for any API call made to the
platform. You can use two websites to accomplish this task: the Box Developer
Site and the Box Developer Console. Let's take a closer look at what those are.

### Box Developer Site

The Box Developer Site is this website you are reading right now. It is a
comprehensive resource for developers building solutions on top of Box, and
should be used alongside the developer console to create applications and make
API calls. You can
find a multitude of guides, the full OpenAPI spec, quick starts, sample code,
etc all within its pages.

 
 
 
 
 
 
 
 
 

The site is updated on a frequent basis with the
latest updates posted to the [changelog](page://changelog).

 
 
 
 
 
 
 
 
 

### Box Developer Console

The [Box Developer Console](https://app.box.com/developers/console) is an interactive interface that provides
developers with tools and resources for managing their applications integrated
with Box. It allows for the creation, configuration, and monitoring of apps,
offering insights and control over how these apps interact with the Box
platform.

 
 
 
 
 
 
 
 
 

After you create an application in the console for the first time,
you will start seeing a button in the bottom left of the main Box web app. You
can use this button to access the console in the future.

 
 
 
 
 
 
 
 
 

## Box Platform Concepts

In the following learn sections, we will go into more depth on various topics.
But at a high level, these are some terms and concepts to be familiar with.

### User Types

There are several [user types](https://support.box.com/hc/en-us/articles/4636533822483-Box-User-Types) to keep in mind when developing on Box
Platform. These include users with admin privileges (such as Admin or Co-Admin
users) and those without admin privileges (Managed or External Users).
Additionally, there are platform-only users, which are categorized as Service
Accounts and App Users. Each user type has specific roles and access levels
within the Box environment, impacting how they interact with applications and
content. At the core, if a user can access a piece of content from the main Box
web app, they should be able to access it using the API.

### Application Type

There are three main types of applications that can be created in the developer
console. They include Platform App, Limited Access App, and Box Custom Skills. You
can also create third party and web app integrations.

 
 
 
 
 
 
 
 
 

### Authentication Method

Depending on the application type selected, there are one of five different
authentication methods that can be used to gain an [access token](g://authentication/tokens). An
access token is the key to get through the gateway that is your application
to successfully make an API call to Box.

 
 
 
 
 
 
 
 
 

Next step


**Reference:** https://developer.box.com/platform/box-platform-101/

---

## Untitled

*Type: page | Category: Learn Box Platform
*

Application Types Box offers various application types to cater to different needs and use cases
in application development. Each provides…

# Application Types

Box offers various application types to cater to different needs and use cases
in application development. Each provides different capabilities and
authentication method options.

## Platform App

[Platform Apps](g://applications/app-types/platform-apps) are versatile and can accommodate most use cases.
They allow developers to present Box functionalities within a custom interface.
Box
provides customizable UI Elements for tasks like browsing, searching, and
previewing content. These apps support OAuth 2.0, JWT, and Client Credentials
Grant for authentication. Platform Apps are ideal for applications that need to
access both their own and others' files, upload and download files, and
potentially be listed in the Box Integrations.

## Limited Access App

[Limited Access Apps](g://applications/app-types/limited-access-apps) are specifically designed for leveraging Box
View or
previewing Box content within another application. They have access to a
limited number of endpoints and only support App Token authentication. These
apps are suitable for use cases like showcasing a professional’s portfolio on a
website, providing user manuals on a support site, or creating a custom
document viewer for e-books or architectural plans.

## Box Skills

[Box Skills](g://applications/app-types/custom-skills), or Custom Skills, are applications that perform custom
processing
on files uploaded to Box. They use third-party Machine Learning services to
extract information from files and apply it as metadata. These skills are
enabled on a folder by a Box Admin, and the application server receives an
event every time a file is uploaded. Custom Skills are best used for adding
metadata to files and integrating with Machine Learning services without
handling authentication.

## Web App Integrations

[Web App Integrations](g://applications/web-app-integrations) allow third-party applications to integrate
seamlessly
with the Box user experience. They enable users to edit, share, or modify
content stored in Box using a third-party application. Such integrations can
add new features to Box users and be added to Recommended Web Integrations in Box Preview,
enhancing the user experience by integrating with various content types and
file extensions.

## Integrations Publication

The [Box Integrations](g://applications/integrations/) is a platform for Box users to discover
applications that
can be used in conjunction with Box. For developers, listing their application
in the Integrations is an effective way to reach new users, particularly for
applications suited for use by other enterprises. The process for Integrations
publication involves ensuring the app is production-ready, leverages OAuth 2.0
authentication, and submitting it for approval through the Developer Console.
Once approved, applications can be featured, most popular, or recently added
sections in the Integrations, and they can also be unpublished if necessary.

Next step


**Reference:** https://developer.box.com/platform/application-types/

---

## Untitled

*Type: page | Category: Learn Box Platform
*

Learn Box Platform If you are new to Box, start here!
In the following pages, you'll learn how all the Box Platform
concepts and components…

# Learn Box Platform

If you are new to Box, **start here**!
In the following pages, you'll learn how all the Box Platform
concepts and components work together to help you create an application quickly.

 
 
 
 
 
 
 
 
 

## Learn Sections

These pages go into more depth on each topic. Checkout each one and become
a Box Platform expert.

- [Box Platform 101](page://platform/box-platform-101)

- [Use Cases](page://platform/use-cases)

- [User Types](page://platform/user-types)

- [Application Types](page://platform/application-types)

- [Authentication Methods](page://platform/authentication-methods)

- [Support](page://platform/support)

- [Tools](page://platform/tools)

Get Started


**Reference:** https://developer.box.com/platform/

---

## Untitled

*Type: page | Category: Learn Box Platform
*

Box Platform glossary This glossary includes terms and definitions used in Box Platform. If you need
to find out what a term means, this is…

# Box Platform glossary

This glossary includes terms and definitions used in Box Platform. If you need
to find out what a term means, this is your one stop page.

| Box Resource Type/Term | Also known as (AKA) | Description |
| --- | --- | --- |
| Admin | Superuser, administrator, supervisor | The main admin on an enterprise account. Admins can manage users and groups, view and edit all of their organization’s files and folders, log in to any user’s account within their organization, edit settings for their organization, and run or access reports. The Box Admin is the principal account administrator. |
| Admin Console | | The dashboard area for administering a particular enterprise. Accessible by the admin, group admins, and co-admins. |
| Anonymous User | | A user that is not logged in. |
| App user | | Box app user is a specific type of user within the Box Platform who is associated with applications or services that integrate with Box. App users are only accessible with the API, meaning they do not have login credentials. They can be created by a service account and are only applicable to applications leveraging server to server authentication. App users are tied to the application used to create them, and the user itself cannot be moved under another application. They can however collaborate on content outside of the application. |
| Bookmark / web link | Symbolic link, Symlink, soft link, reference, relationship | A clickable reference that allows you to easily access external websites or specific locations within your content structure. |
| Box Integrations | App Store | The first place for Box users to find out about applications that they can use in combination with Box. |
| Box Command Line Interface | Box CLI | A user-friendly command line tool that allows both technical and non-technical users to leverage the Box API to perform routine or bulk actions. |
| Box Custom Skill | Custom Skill, Box Skill | An application that performs custom processing for files uploaded to Box. Skills are designed to make it possible to use third-party machine learning services to automatically extract information from files uploaded to Box. |
| Box Embed | | An HTML-based framework that makes it possible to embed the Box Web App experience anywhere in the 3rd party applications. Box Embed provides the ability to upload, search, comment, share, tag, and edit files using Box Edit. |
| Box Platform | | An API-driven cloud content management and collaboration platform that provides developers with the tools and infrastructure to build platform applications, integrate workflows, and leverage powerful features for secure document storage, access control, versioning, metadata management, and real-time collaboration. |
| Box Sample Code Catalog | | Allows developers and admins to search through code repositories of tools, automation scripts, self paced workshops, and demo apps in multiple programming languages. The catalog contains more that eighty open source repositories and guides. |
| Box Shield | | A security solution offered by Box that helps protect sensitive data, prevent unauthorized access, and detect potential threats through automated classification and proactive monitoring. |
| Box Skills | | Box Skills are AI-powered capabilities that enhance the functionality of Box by automatically extracting insights and metadata from content. |
| Box Relay | | Box Relay allows you to create and configure workflow automations to automate and accelerate business processes centered around content. |
| Box Verified Enterprise | BVE | Box Verified Enterprise is a certification program that ensures the security and compliance of an organization's content management system. |
| Box UI Elements | | Pre-built UI components that allow developers to add elements of the main Box web application into their own applications. They can be used to navigate through, upload, preview, and select content stored on Box and are available both as React components and framework-agnostic JavaScript libraries. |
| Cascade policy | | Box enables you to add metadata instances to a folder, and automatically cascade them to the folder's contents so you don't need to add the instances individually. Using cascading metadata, you can quickly add metadata to multiple files and sub-folders at one time. |
| Classification | | An instance of the classification metadata template, containing the classification applied to the file or folder. |
| Collaboration | | Working together on a file or folder. |
| Collaborations | Permissions, Role-Based Access Control (RBAC), Access Control List (ACL), permission mapping | Collaborations define access permissions for users and groups to files and folders, similar to access control lists. A collaboration object grants a user or group access to a file or folder with permissions defined by a specific role. |
| Collaborator | | Someone who shares access to a file or folder. |
| Collaborated folder | Shared folder | A shared folder owned by someone within your enterprise. |
| Collaboration roles | Permission levels, access levels | The collaboration roles define the level of permissions a user has for a specific file or folder. The collaboration roles in Box are Owner, Co-owner, Editor, Viewer Uploader, Previewer Uploader, and Viewer. Collaboration levels in Box follow a "waterfall" design in which individuals have access only to the folder they are invited into and any sub-folders beneath it. You can also be invited to individual files. |
| Collection | | A collection of items, including files and folders. The contents of a collection can be explored in a similar way to which the contents of a folder is explored. |
| Content Manager | | A feature in the Admin Console that allows you to: search for and download files and folders in your organization, browse by user to see the files and folders they can access, move files between folders, invite collaborators to folders, get shared links and modify access levels, and delete files and folders from any user’s trash. |
| Co-admin | | A user other than the main admin, who has a subset of administrative privileges. Co-admins can perform the same duties as the organization’s admin, but they cannot make changes to the Admin’s permissions or other co-admins' permissions. The default access levels for co-admins include only the ability to manage users and groups, but they can be modified on a per-user basis. |
| Platform App | | A tailored application that extends the functionality of Box by integrating with other tools and systems. It's used to streamline workflows and enhance collaboration. It can be created in the Developer Console and has several authentication methods available. |
| Developer | Programmer | A skilled professional who designs, builds, and maintains software applications or systems and has access to the Developer Console. In Box, the developer can have an admin role. |
| Developer Console | | A portal that allows developers to create, debug, test, and monitor their applications by providing real-time insights into code execution and system performance. |
| Enterprise | Repository, content store, file cabinet, Docbase, vault | Enterprise in Box is a comprehensive suite of tools and services provided by Box for large organizations, offering secure file storage, collaboration features, access controls, workflow automation, compliance enforcement, and analytics. It enables efficient document management and teamwork while ensuring data security within an enterprise setting. |
| Ethical walls | Information barriers | A mechanism that prevents exchanges or communication that could lead to conflicts of interest and therefore result in business activities ethically or legally questionable. |
| Event | | Result of an action taken by the user. See Using the Enterprise Event Stream. |
| External collaborator | External user | A collaborator who is not part of an enterprise. |
| External collaborated folder | | A folder owned by someone outside your enterprise. |
| File | Document, unstructured data | A digital container that stores information or data in a structured format. |
| Folder | Directory, container | A directory containing files. |
| Group admin | | Group admins can add existing users to their groups, create new users that will be assigned to their groups, and assign folder access to their groups. They can also run reports for their groups. |
| Group | Team | Collaborative workspace where users can share files, collaborate on documents, and communicate with each other. |
| Item | Object, Box object, content | Can represent a file, a folder or a web link. |
| Limited access app | | Secure and restricted application created in the Developer Console that allows specific users to access and interact with designated content within the Box Platform. |
| Managed user | | A user account that is centrally controlled and administered by an organization's admin. |
| Metadata template | Document class, document type, content type, indexes | A predefined structure that captures and organizes important information about a document or file. |
| Metadata attribute | Property, field, keyword, index Value | A metadata attribute is a piece of information that provides descriptive details about data, such as its type, format, or source. |
| Personal folder | | A folder owned by an individual user. |
| Report | | A file containing a specific data set. You can use the Admin Console Reports tab to run a variety of account-wide reports: usage logs, file/user statistics, and security audits. |
| Sandbox | Testing environment | Managed, trackable, non-production, testing environment for developers. |
| Service account | | A service account provides developers with a programmatic authentication mechanism for server-side integrations with Box. In other words, an application can authenticate to Box as the service, which is represented by a service account user. A service account can then be used to create other application specific users, called app users. |
| Shared link | | A hyperlink to content stored in Box you can share with your coworkers and friends – both inside and outside of the company. Sending someone a shared link to a file or folder is a way to work together with that person around shared content. Customizable permission levels, expiration dates, and optional password-protection make Box shared links a secure, simple way to share important content. |
| Software Developer Tool | SDK | A collection of tools, libraries, and documentation that helps developers create software applications for specific platforms or frameworks. |
| Task | Action | A specific action or assignment that needs to be completed within the collaborative document creation editor. |
| User | Identity, person, authority | An individual who utilizes the collaborative document creation editor to create, edit, and share documents with others. |
| Unmanaged user | | A user account that is not centrally managed by an organization and has limited access and control over the content within Box. The unmanaged users may or may not also be external users. |
| Version control | | The management and tracking of different versions of a document, ensuring that everyone is working on the most up-to-date version. |
| Webhook | | A webhook is a way for an application to provide real-time data or notifications to another application by sending HTTP POST requests. |
| Workflow | | Workflows within Box are automated sequences of tasks that help streamline and track the progress of document-centric processes, ensuring efficient collaboration and timely completion. |

Next step


**Reference:** https://developer.box.com/platform/box-glossary/

---

## Untitled

*Type: page | Category: Learn Box Platform
*

Start Creating Now that you have learned all about the various parts that makeup Box Platform,
you are ready to jump in and start creating…

# Start Creating

Now that you have learned all about the various parts that makeup Box Platform,
you are ready to jump in and start creating. Visit
the [Box Developer Console](https://cloud.app.box.com/developers/console) to begin!

 
 
 
 
 
 
 
 
 

If you are looking for other topics to learn about, be sure to checkout
the following:

- [Architecture patterns](page://platform/appendix/architecture-patterns): This page goes over some typical infrastructure patterns we see.

- [User Models](page://platform/appendix//user-models): This page goes over how to use the users types discussed earlier in this series.

- [Locating Common Values](page://platform/appendix/locating-values): This page goes over how to find pieces of information like user IDs.

- [Errors](g://api-calls/permissions-and-errors/common-errors): This page lists out all the error codes you can receive


**Reference:** https://developer.box.com/platform/start-creating/

---

## Untitled

*Type: page | Category: Learn Box Platform
*

Tools Box offers several tools for you to use to jump start your
development. Check them out below. Sample Code Catalog The sample code…

# Tools

Box offers several [tools](g://tooling) for you to use to jump start your
development. Check them out below.

## Sample Code Catalog

The [sample code catalog](https://developer.box.com/sample-code/)
is the most recent tool we have launched on the Box Developer site. It
pulls code sample repositories from multiple places, consolidating them in one
place for you to browse. It allows you to filter by language and task. We update
the list regularly so the you have access to the most up to date code.

 
 
 
 
 
 
 
 
 

## Box CLI

The Box Command Line Interface (CLI) is a tool for making requests to Box APIs
from your terminal window or command prompt. It takes less than five minutes
to set up and provides you direct access to the API. We also offer a suite of
[sample scripts](g://cli/scripts) to jump start any administration automation tasks.

## SDKs

Box supports several coding languages with our [SDK libraries](page://sdks-and-tools). It is
highly recommended to use SDKs when creating a solution since the libraries
automatically handle things like authentication and retry logic for you. In
addition, the API reference pages contain samples for all the languages
directly in the site; however, each Github repo has a docs section
with all that language's samples too.

 
 
 
 
 
 
 
 
 

## Postman Collection

As an industry standard in software development, Postman helps developers learn
APIs quickly, providing real time testing and code samples. You can find our
Postman Collection on the [Postman website](https://www.postman.com/boxdev). You can also check out
the YouTube video below.

Next step


**Reference:** https://developer.box.com/platform/tools/

---

## Untitled

*Type: page | Category: Learn Box Platform
*

User Types A critical part of planning and developing an application is understanding the
types of users involved. There are four main types…

# User Types

A critical part of planning and developing an application is understanding the
types of users involved. There are four main types of users: managed (internal
and external), admin, service account, and app users. Let's take a closer look
at the differences.

# What type of user does my application use?

The type of user an application is authenticated as is dependent on the
type of application created, as well as the type of authentication used to
create an Access Token.

## Admin or Co-Admin User

The Box Admin is the principal Box account administrator. They can make
additional co-admins with similar or more restrictive administrative
privileges. Admins and Co-Admins
can directly edit, delete, enforce security settings, and run reports against
these users via the Admin Console.

## Managed Users

Each Box enterprise is assigned a unique enterprise ID. Managed Users are any
users that belong to one enterprise ID. Managed Users consume a standard Box
license and often, but not
always, share the same email domain.

# Log in as Admin User

Some applications need permissions that only Admins have in order to
properly operate and therefore require an Admin to log in.
An example of this would be a security application that monitors enterprise
events and takes action on suspicious events. The events endpoint can only
be used by Admins or a Co-Admin with permission to access reporting.

## External Users

An externally managed user, or External User, is a Managed
User that belongs to a different enterprise ID. External users are often
encountered when they are collaborated in on content owned by a Managed User of
the application's enterprise, or when they authorize an OAuth 2.0 application.
These users still have their own Box accounts, but cannot be managed via the
Admin Console.

## Service Account

A Service Account provides developers with a programmatic authentication
mechanism for server-side integrations with Box. In other words, an application
can authenticate to Box as the service, which is represented by a Service
Account user. Service Accounts are only accessible with the API, meaning they do not have login credentials.
A Service Account can then be used to create other application
specific users, called App Users described further below.

 
 
 
 
 
 
 
 
 

### Creation

A unique Box Service Account is automatically generated as soon as an
application, leveraging server authentication, is [authorized](g://authorization/custom-app-approval) in the
Admin Console. From that point forward, the Service Account represents the
application in the Box enterprise. Since every Box account must have an email
address, Box assigns one. The format will always be
`AutomationUser_AppServiceID_RandomString@boxdevedition.com`. For example:
`AutomationUser_123456_6jCo6Pqwo@boxdevedition.com`. This is why you may
sometimes hear the Service Account referred to as an Automation User.
The numbers surrounded by underscores are also unique to the application and are
called a Service ID. To locate a Service ID in the [Developer Console](https://app.box.com/developers/console),
click on the tile for an application and look at the URL. For example,
`https://example.app.box.com/developers/console/app/123456`. As you can see,
this application corresponds to the Service Account provided in the example
above.
By default, most Service Accounts are allocated 10GB of storage. This is because
they abide by the storage allocation set in the **New User Default Settings**
found under the **User Settings** tab of the Admin Console. This amount may
differ based on whether an enterprise updated this setting or not. To
update the amount of storage allocated to a Service Account after its creation,
make an API call to the [update user](e://put-users-id) endpoint and pass in the
desired value, in bytes, using the `space_amount` body parameter.
Once the Service Account is generated, a section is automatically added to the
General tab of the [Developer Console](https://app.box.com/developers/console) revealing the email address.

 
 
 
 
 
 
 
 
 

If someone attempts to make API calls using a Service Account Access Token
before the application is authorized in the Admin Console they will receive an
error message:
`"error": "unauthorized_client"`
`"error_description": "This app is not authorized by the enterprise"`

### Use Cases

- *Distribution Publishing*: upload and share files with any number of users whether or not they are authenticated

- *On-Premises Systems and Devices*: programmatically ingest content from on-premises systems and connected devices

- *Content Migration and Monitoring*: move content from on-premises to the cloud or between cloud providers

- *Event Monitoring*: monitors events in an enterprise to ensure compliance and or trigger workflows based on actions

- *Content Archive*: house minimally accessed content

### Permissions

The endpoints that a Service Account Access Token can successfully interact with
are determined by the application [scopes](g://api-calls/permissions-and-errors/scopes) configured in the
[Developer Console](https://app.box.com/developers/console). Depending on the granted scopes, a Service Account may
have the ability to perform Admin actions.

# Admin Approval

With the right [scopes](g://api-calls/permissions-and-errors/scopes) enabled, a Service Account can perform many
Admin actions. For this reason JWT applications need
explicit [Admin approval](g://authorization/custom-app-approval) before they can be used in an enterprise.

### UI Access

Only Primary Admins have the ability to log in as a Service Account through the
[Content Manager](https://support.box.com/hc/en-us/articles/360044197333-Using-the-Content-Manager) in the Admin Console. To do this, use the Content
Manager's search bar to locate the name of the application, right click on it,
and select “Log in to user’s account”.
A Service Account can be thought of as having the permissions of a Box Co-Admin.
Similar to co-admins being unable to manage each other, co-admins cannot log in
as a Service Account user.
Service Accounts are not currently visible in the users and group tab of the
Admin Console.

### Folder Tree and Collaboration

Because a Service Account represents an application as a user within the
enterprise, it has its own folder tree and content ownership capabilities. By
default this folder tree is empty because the Service Account does not initially
own or collaborate on content. This is similar to when you first land on your
All Files page in a newly provisioned Box account.
To collaborate a Service Account on existing content use the assigned email
address to invite them as you would any other user. If you are instead adding
the collaboration [via the API](e://post-collaborations) you will need to use an Access Token
for a user that already has access to the content and has the appropriate
collaboration permissions to invite collaborators. You will also use the Service
Account’s user ID, which is returned when making a call to the
[get current user endpoint](e://get-users-me) using an Access Token for the Service
Account.

It is possible to assign a Service Account an email alias if that is
easier to remember when adding collaborations.

### Box View

A Service Account is also automatically generated when a Limited Access App is
created in the [Developer Console](https://app.box.com/developers/console). This Service Account has some additional
restrictions that a Service Account associated with a Platform App does not.

- All content used within the Limited Access App must be uploaded and owned by the Service Account

- The Service Account can not access any other user's information or content

- The Service Account can not create or otherwise manage any type of new user

- The Service Account can only access a subset of APIs related to previewing content

## App User

App users are only accessible via the API, meaning they do not have login
credentials. They can be created by a Service Account and therefore are
only applicable to applications leveraging server to server authentication. App
Users are tied to the application used to create them, and while they can
collaborate on content outside of the application, the user itself cannot be
moved under another application.

### Creation

App users are created using a Service Account access token to call the
[create user endpoint](e://post-users). The `is_platform_access_only` body parameter
must be set to true or a managed user is created instead.
Since every Box account must have an email address, Box assigns one. The format
will always be `AppUser_AppServiceID_RandomString@boxdevedition.com`. For
example: `AppUser_1234567_LOCqkWI79A@boxdevedition.com`.
The numbers surrounded by underscores are also unique to the application and
are called a Service ID. To locate a Service ID in the [Developer Console](https://app.box.com/developers/console),
click on on the tile for an application and look at the URL. For example,
`https://exampl.app.box.com/developers/console/app/1234567` . As you can see,
this application corresponds to the App User in the example above.

### Use Cases

App Users extend the functionality of Box’s Platform to applications serving any
user, regardless of if they have an existing Box account. App users are often
used by applications that manage their own user authentication, but want to
store the data in unique Box user accounts.

- *Customer Portals*: Websites or applications where clients or patients can log in to access information provided by employees at a company and/or to store and retrieve their own sensitive documents.

- *Vendor Portals*: Content distribution sites for companies to provide materials including marketing collateral, price lists, product information, sales agreements or contracts, and other documents to vendors. Box's groups and permission model allow for companies to organize content for partners based on partner criteria and/or tier.

- *Branded Customer Facing Applications*: The ability to create App Users on behalf of an end-user allows companies to build seamless customer-facing features such as permissions, auditing, and reporting. This is particularly valuable for regulated industries such as Financial Services and Healthcare. Moreover, user-based data from our [reporting capabilities](e://get-events) allows developers to leverage analytic tools to better understand user behavior.

### Permissions

App Users cannot see or interact any content in the folder tree of the Service
Account unless explicitly added as a collaborator. Again, because App Users does
not have login credentials, they cannot access content outside of the
platform application.

### UI Access

App users are accessible via the [Users & Groups tab](https://support.box.com/hc/en-us/articles/360043695714-Admin-Console-Guide) of the Admin
Console. To filter for these users, use the view options button > Role >
App Users.

 
 
 
 
 
 
 
 
 

App Users are also accessible through the [Content Manager](https://support.box.com/hc/en-us/articles/360044197333-Using-the-Content-Manager) in the Admin
Console.

### Folder Tree and Collaboration

Each App User has its own folder tree and content ownership capabilities. By
default this folder tree is empty because they do not initially own or
collaborate on content. This is similar to when you first land on your All Files
page in a newly provisioned Box account.
To collaborate an App User on existing content use the assigned email
address to invite them as you would any other user. If you are instead adding
the collaboration [via the API](e://post-collaborations) you will need to use an Access Token
for a user that already has access to the content and has the appropriate
collaboration permissions to invite collaborators.

## As-User

If you are using OAuth 2.0, JWT, or CCG as the authentication method for your
application, it is possible to make what are called `as-user` calls. This means
that even though you created an original connection to the Box API as yourself
or as a service account, you can make subsequent calls impersonating another
user. This is useful in automating administrative tasks like folder
reorganization or employee provisioning. In order to make `as-user` calls,
the appropriate scope must be added to the application when creating it
in the developer console. For example, in an OAuth 2.0 platform app, you
would need to turn on this switch.

 
 
 
 
 
 
 
 
 

Next step


**Reference:** https://developer.box.com/platform/user-types/

---

## Untitled

*Type: page | Category: Learn Box Platform
*

Support The Box Developer Relations team loves to help developers in any way we can.
Outside of interviewing developers regularly, we…

# Support

The Box Developer Relations team loves to help developers in any way we can.
Outside of interviewing developers regularly, we provide the following
options for you to connect with us.

## Developer Forum

Recently, we relaunched our developer community. It is now even easier to
connect with developers like yourself and ask questions about
your development issues. You can also share any successes you have had.
[Join Today](https://community.box.com/)!

 
 
 
 
 
 
 
 
 

## Medium Blog

We + some of our partners write tutorials and make announcements on our
[Medium blog](https://medium.com/box-developer-blog) regularly. Typically, we release content every
Tuesday, but frequently, it is even more often than that. We welcome
any requests for content on our developer forum.

 
 
 
 
 
 
 
 
 

## Box Platform Twitter

Like the changelog on the developer site, we post Box Platform
updates, as well as new blogs. You can follow at [Box Platform](https://twitter.com/BoxPlatform).

 
 
 
 
 
 
 
 
 

Next step


**Reference:** https://developer.box.com/platform/support/

---

## Untitled

*Type: page | Category: Learn Box Platform
*

Use Cases Before beginning application development, it is best to assess if your use
case is a good fit for the Box Platform. Generally…

# Use Cases

Before beginning application development, it is best to assess if your use
case is a good fit for the Box Platform. Generally speaking, content centric
processes perform best.
Some questions to ask when assessing if a use case include:

- Is content always involved in the process?

- Does the process involve moving content from one place to another?

- Can the workflow abide by [waterfall permissions](https://support.box.com/hc/en-us/articles/360043697254-Understanding-Folder-Permissions)?

- Does the process involve administrative tasks that may be automated?

If you answered **yes** to the above questions, you most likely have a great use
case for Box Platform.
Some common customer solutions include:

- Marketing asset management

- Secure document vaults

- Wealth management portals

- Automatic folder creation based on user provisioning

- Adding relevant metadata using machine learning

- Claim reviews with built-in approval/rejection flows

- Event monitoring for security and auditing

Still not sure if you have a good use case? Reach out to your Box account team.

Next step


**Reference:** https://developer.box.com/platform/use-cases/

---

## Untitled

*Type: page | Category: Learn Box Platform
*

Branding Guidelines We are glad you are using Box Platform, and we want you to be able to
broadcast to the world that you are using Box…

# Branding Guidelines

We are glad you are using Box Platform, and we want you to be able to
broadcast to the world that you are using Box. However, it is very important
that your application not be mistaken for an official Box application. For this
reason, we created a guide to using our name and logo.

## Approved logos

Approved Box logos can be found in [this Box folder](https://cloud.app.box.com/v/BoxCorporateLogo).

## Things to do

### Inform users

Let users know when they’re connecting to Box.

Many apps feature a “connect to cloud services” menu, or something similar. In
this case, you should feel free to use our name and logo to help people find us.

### Contact us

We’re here to help. Many situations can be ambiguous, and we’ll absolutely work
with you to make sure that your app works within our guidelines. Contact
us with any questions.

## Things not to do

### Do not impersonate Box

Please don't call your application anything that might be mistaken for an
official Box application.
This means no use of the word "Box" unless it’s abundantly clear that it’s not
official. For example, "Unofficial Box Client" is certainly clear enough, while
"Box App for Android" is not.
If you include your own brand name (for example,
"My Company Box Client"), you’re probably fine. Nonetheless, this is probably
the most ambiguous guideline, so please [contact us](https://support.box.com/hc/en-us/requests/new) if you have any
questions, and we’ll get you sorted out right away!
In short though, this means:

- Don't use our logo or any similar logo or part of our logo as the icon for your application.

- Don't use our name or logo in any way inside your application that would make it look like it’s an official Box application.

### Don't alter Box logo

Don't alter the 'Box' logo in any way when using it in your application.

### Don't use older names

Don't refer to us as `Box.net` or `Boxnet`. Our company is known as
"Box" only.


**Reference:** https://developer.box.com/platform/appendix/branding-guidelines/

---

## Untitled

*Type: page | Category: Learn Box Platform
*

Architecture Patterns We recommend creating a visual representation for your application before
writing any code. The architecture patterns…

# Architecture Patterns

We recommend creating a visual representation for your application before
writing any code. The architecture patterns shown below are generic and do not
represent an exhaustive list of possibilities.

Would you like assistance with application architecture?
Contact your account team to purchase Box Consulting services.

## Administrative tasks

 
 
 
 
 
 
 
 
 

Components:

- A server or local machine running a PowerShell script

- An identity provider with a user provisioning/deprovisioning service

- A [Service Account](page://platform/user-types/#service-account) owned folder containing a personal folder for each user

- A PowerShell script based on a time that monitors the [event stream](e://resources/event) and creates/collaborates each user on their personal folder

## Vault Portal

 
 
 
 
 
 
 
 
 

Components:

- A custom portal allowing users to collaborate in a non-Box branded environment

- A load balancer distributing users to a web server with the deployed portal

- Users can login using credentials maintained in an identity provider, which are then mapped to [App User](page://platform/user-types/#app-user) information from Box within a data server.

- Other site data is stored on the data server

## Box Skill

 
 
 
 
 
 
 
 
 

In this example, external users upload their resumes via a [file request](https://support.box.com/hc/en-us/articles/360045304813-Using-File-Request-to-get-Content-from-Anyone).

A [Box Skill](g://applications/app-types/custom-skills) is set to monitor any upload/move/copy actions in a
specific folder. When an event occurs, the file is sent to a cloud provider to
be processed by any machine learning service. Once it is processed, information
is [saved back to the file as metadata](e://post-files-id-metadata-global-boxSkillsCards). This metadata can then be
used in another process or for future reference.


**Reference:** https://developer.box.com/platform/appendix/architecture-patterns/

---

## Untitled

*Type: page | Category: Learn Box Platform
*

Locating Common Values User IDs As a developer To locate your own user ID via the Box web app, navigate to your All Files
page. Click the…

# Locating Common Values

## User IDs

### As a developer

To locate your own user ID via the Box web app, navigate to your **All Files**
page. Click the circle in the top right corner and select **Account Settings**
from the dropdown menu. Your user ID is the **Account ID** value listed in the
**Account Details** section of the **Account** tab.
To locate your user ID via API, navigate to the Developer Console and generate
a [Developer Token](g://authentication/tokens/developer-tokens) or obtain an [Access Token](g://authentication/tokens/access-tokens) for yourself. Use
this token with the [get current user endpoint](e://get-users-me), which will
return your user ID in the `id` field.

### As an Admin

If your account type provides access to the [Content Manager](https://support.box.com/hc/en-us/articles/360044197333-Using-the-Content-Manager),
click on the user in question from user list. The URL will
reveal their user ID. For example,
`https://.app.box.com/master/content/2267862105/0/0`, the user ID is
`2267862105`.
To locate user IDs via API, navigate to the Developer Console and generate
a [Developer Token](g://authentication/tokens/developer-tokens) or obtain an [Access Token](g://authentication/tokens/access-tokens) for yourself.
Then, make an API call to the [list enterprise users](e://get-users) endpoint. This will
provide a list of all users in your enterprise.

## Enterprise ID

### As a developer

To find your enterprise ID via API, navigate to the Developer Console and
generate a [Developer Token](g://authentication/tokens/developer-tokens) or obtain an [Access Token](g://authentication/tokens/access-tokens) for
yourself. Use this token with the [get current user endpoint](e://get-users-me) and
request the `enterprise` field.

### As an Admin

From the **Admin Console**, navigate to the **Account & Billing Tab**. The
Enterprise ID is located under the **Account Information** section.

## Content IDs

### As a developer

To locate a file ID via the Box web app, navigate to the file's
preview in your browser and look at the URL. For example, the file ID of
`https://app.box.com/file/1234567890` is `1234567890`.
To locate a folder ID via the Box web app, navigate into the folder and
look at the URL. For example, the folder ID of
`https://app.box.com/folder/9876543210` is `9876543210`.
To locate content IDs via the API, you may want to start by listing all items at
the All Files level by passing `0` as the `folder_id` of the
[list items in folder](e://get-folders-id-items) endpoint.

### As an Admin

If you have access to the [Content Manager](https://support.box.com/hc/en-us/articles/360044197333-Using-the-Content-Manager), click on the user
in question from the user list and then navigate to the content. The URL will
reveal the folder and/or file id. For example,
`https://app.box.com/master/content/1987212562/88560510648/0/532181212706`.
The User ID is `1987212562`, the folder ID is `88560510648` and the file ID
within that folder is `532181212706`.


**Reference:** https://developer.box.com/platform/appendix/locating-values/

---

## Untitled

*Type: page | Category: Learn Box Platform
*

Appendix In this section, you will find some other getting started related
material. It isn't vital to know from the get go, but it can help…

# Appendix

In this section, you will find some other getting started related
material. It isn't vital to know from the get go, but it can help
pinpoint you to a solution if you are having an issue.

- [User Models](page://platform/appendix//user-models): This page goes over how to use the users types discussed earlier in this series.

- [Architecture patterns](page://platform/appendix/architecture-patterns): This page goes over some typical infrastructure patterns we see.

- [Locating Common Values](page://platform/appendix/locating-values): This page goes over how to find pieces of information like user IDs.

- [Branding Guidelines](page://platform/appendix/branding-guidelines/): This page lists out various things to keep in mind if you plan to use the Box brand for your project


**Reference:** https://developer.box.com/platform/appendix/

---

## Untitled

*Type: page | Category: Learn Box Platform
*

User Models Once you confirm your use case is a good fit for Box Platform and you
have a solid understanding of the types of users involved…

# User Models

Once you confirm your [use case](page://platform/use-cases) is a good fit for Box Platform and you
have a solid understanding of the [types of users](page://platform/user-types) involved, you can
select a user model to begin [application architecture](page://platform/appendix/architecture-patterns).

## Classic

In this model, the application has internal and external users. The external
users share or collaborate on content with internal users who use the Box web
application.

 
 
 
 
 
 
 
 
 

- **Internal User Type**: [Managed Users](page://platform/user-types/#managed-users)

- **External User Type**: [App Users](page://platform/user-types/#app-user)

- **Content Owned By**: Application [Service Account](page://platform/user-types/#service-account) or [Managed Users](page://platform/user-types/#managed-users)

- **Examples**: Vault Portals, Document Submissions, Field Worker Applications

Benefits of this user model:

1. Removes the need to build additional functionality for internal users

2. Allows App Users to be mapped to your own identity system like `Auth0`

3. Allows reporting on all actions to meet to meet security and compliance requirements

## App User

In this model, the application has internal and external users who all leverage
the same custom UI.

 
 
 
 
 
 
 
 
 

- **Internal User Type**: [App Users](page://platform/user-types/#app-user)

- **External User Type**: [App Users](page://platform/user-types/#app-user)

- **Content Owned By**: [App Users](page://platform/user-types/#app-user)

- **Examples**: Vault Portals, Document Submissions, Field Worker Applications

Benefits of this user model:

1. Allows for a custom experience for internal and external users

2. Separates managed user and application content by allowing managed users to have separate App User accounts

3. Allows App Users to be mapped to your own identity system like `Auth0`

4. Allows reporting on all actions to meet to meet security and compliance requirements or tracking in other systems

## Service Account

In this model, the application has internal and external users, but the user
object already exists. This model also works well when users are transient
in nature, but the content must persist.

 
 
 
 
 
 
 
 
 

- **Internal User Type**: [Managed Users](page://platform/user-types/#managed-users)

- **External User Type**: Managed by your customer’s applications

- **Content Owned By**: Application [Service Account](page://platform/user-types/#service-account)

- **Examples**: Wealth Management Portal, Insurance Claim Workflow

Benefits of this user model:

1. Useful when the App User model would complicate existing applications

2. Useful when there is not a good 1:1 end user/app user mapping, such as users mapped as groups

3. Permissions are easier to manage, since the Service Account owns all content

4. Ability to implement a token exchange to ensure that broad scoped access to the Service Account does not occur

## System to system

In this model, no user content normally needs to be handled.

 
 
 
 
 
 
 
 
 

- **External User Type**: N/A

- **Internal User Type**: N/A

- **Content Owned By**: Application [Service Account](page://platform/user-types/#service-account)

- **Examples**: Back Office Applications, Integrations, User Provisioning, Folder Auto-Creation

Benefits of this user model:

1. Useful when user construct isn’t needed (e.g. departmental or company owned content that transcends user ownership)

2. Allows for complete control of permission assignment to backend services since the Service Account can be granted elevated privileges


**Reference:** https://developer.box.com/platform/appendix/user-models/

---


---