Box is a cloud content management and file sharing service designed to help businesses securely store, manage, and share files online. The Box API provides developers with tools to integrate Box’s content management features into their own applications, enabling efficient collaboration and secure file handling.

Below you can find the Aembit configuration required to work with the Box service as a Server Workload using the Box API.

Before proceeding with the configuration, ensure you have the following:

  • Box tenant.
  • A custom authorized application using Server Authentication in the Box tenant. If you have not created an app yet, follow the steps outlined in the next section or refer to the official Box Developer documentation for more detailed instructions.
  • 2FA enabled on your Box tenant to view and copy the application’s client secret.
  1. Log in to the Box Developer Console.

  2. Navigate to the left pane, select My Apps, and then click on Create New App in the top-right corner.

Box Create New App

  3. Choose Custom App. A pop-up window will appear. Fill in the name and optional description field, choose the purpose, and then click Next to proceed.

  4. Select Server Authentication (Client Credentials Grant) as the authentication method and click Create App.

  5. Before the application can be used, a Box Admin must authorize it within the Box Admin Console. Navigate to the Authorization tab and click Review and Submit to send the request. A pop-up window will appear. Fill in the description field and click Submit to send. After your admin authorizes the app, the Authorization Status and Enablement Status should both be green.

Box Authorized App

  6. Go back to the Configuration tab and scroll down to the Application Scopes section. Choose the scopes that best suit your project needs and click Save Changes in the top-right corner.
  1. Navigate to the Admin Console.

  2. In the left panel, click on Apps, and then in the right panel, click on Custom Apps Manager in the ribbon list to view a list of your Server Authentication Apps.

  3. Click the 3-dot-icon of the app that requires authorization.

  4. Choose Authorize App from the drop-down menu.

Box Authorize App as Admin

  5. A pop-up window will appear. Click Authorize to proceed.
  1. Create a new Server Workload.
  • Name - Choose a user-friendly name.
  2. Configure the service endpoint:
  • Host - api.box.com
  • Application Protocol - HTTP
  • Port - 443 with TLS
  • Forward to Port - 443 with TLS
  • Authentication method - HTTP Authentication
  • Authentication scheme - Bearer
  1. Log in to the Box Developer Console.

  2. Navigate to the left pane, select My Apps, and then click on the name of the app to view details.

  3. In the General Settings tab, copy the Enterprise ID.

General Settings | Copy Enterprise ID

  4. In the Configuration tab, scroll down to the OAuth 2.0 Credentials section. Click Fetch Client Secret and then copy both the Client ID and Client Secret. Keep these details stored for later use in the tenant configuration.

Configuration | Copy Client ID and Tenant ID

  1. Create a new Credential Provider.
  • Name - Choose a user-friendly name.

  • Credential Type - OAuth 2.0 Client Credentials

  • Token endpoint - https://api.box.com/oauth2/token

  • Client ID - Provide the client ID copied from Box.

  • Client Secret - Provide the client secret copied from Box.

  • Scopes - You can leave this field empty, in which case Box defaults to the scopes you selected in the Developer Console, or you can specify scopes explicitly, such as root_readonly. For more detailed information about scopes, refer to the official Box Developer documentation.

  • Credential Style - POST Body

Additional Parameters

  • Name - box_subject_type

    • Value - enterprise
  • Name - box_subject_id

    • Value - Provide the enterprise ID copied from Box.
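
The Credential Provider fields above correspond to a standard OAuth 2.0 client credentials request in POST-body style, with the two Box parameters appended to the form. The following is an added example, not Aembit's or Box's own code: it checks a configuration and builds (without sending) that request. The dictionary keys, function names and sample values are hypothetical and constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

# Constructed sample config; key names are hypothetical, values are placeholders.
SAMPLE = {
    "token_endpoint": "https://api.box.com/oauth2/token",  # from the page
    "client_id": "EXAMPLE_CLIENT_ID",
    "client_secret": "EXAMPLE_CLIENT_SECRET",
    "scopes": ["root_readonly"],  # optional; may be left empty
    "additional_parameters": {
        "box_subject_type": "enterprise",
        "box_subject_id": "000000",  # placeholder Enterprise ID
    },
}


def check_provider(cfg):
    """Return a list of configuration problems (empty list means OK)."""
    problems = []
    url = urlsplit(cfg.get("token_endpoint", ""))
    if url.scheme != "https":
        problems.append("token endpoint must use https")
    if url.query:
        problems.append("credentials belong in the POST body, not the URL")
    for key in ("client_id", "client_secret"):
        if not cfg.get(key):
            problems.append(key + " is empty")
    extra = cfg.get("additional_parameters", {})
    if extra.get("box_subject_type") != "enterprise":
        problems.append("box_subject_type must be 'enterprise'")
    if not extra.get("box_subject_id"):
        problems.append("box_subject_id (Enterprise ID) is missing")
    return problems


def build_token_request(cfg):
    """Build, but do not send, the POST-body client credentials request."""
    problems = check_provider(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    form = {"grant_type": "client_credentials",
            "client_id": cfg["client_id"],
            "client_secret": cfg["client_secret"],
            **cfg["additional_parameters"]}
    if cfg.get("scopes"):  # omitted when the Scopes field is left empty
        form["scope"] = " ".join(cfg["scopes"])
    return Request(cfg["token_endpoint"], data=urlencode(form).encode(),
                   headers={"Content-Type": "application/x-www-form-urlencoded"},
                   method="POST")


if __name__ == "__main__":
    req = build_token_request(SAMPLE)
    print(req.get_method(), req.full_url)
    print(req.data.decode().replace(SAMPLE["client_secret"], "<redacted>"))
```

With the POST Body credential style the client secret travels in the form body rather than in an Authorization header or the URL, so anything that logs request bodies to the token endpoint should redact it.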

Aembit now handles the credentials required to access the Server Workload, eliminating the need for you to manage them directly. You can safely remove any previously used credentials from the Client Workload.

If you access the Server Workload through an SDK or library, the SDK or library may still require credentials to be present for initialization. In this scenario, you can provide placeholder credentials. Aembit will overwrite these placeholder credentials with the appropriate ones during the access process.

  • Create an Access Policy for a Client Workload to access the Box Server Workload. Assign the newly created Credential Provider to this Access Policy.
  • You will need to configure the TLS Decrypt feature to work with the Box Server Workload.