4. Long-lived access token (30 days, 60 days, no expiry).
Restricted to upload and preview API functionality.
5. Users with existing Box accounts.
Use when you don’t want to manage the user content in the app.
Contains an interstitial permission screen.
7. Users with or without existing Box accounts.
Use when there is an existing identity infrastructure.
Use when the app should manage content for app users.
9. Built for ease of development.
Bypasses JWT or OAuth 2 authentication.
Tokens need to be manually refreshed after 1 hour.
12. Concern Areas:
• Type of Users
• Types of Content
• Default Scopes
Type of Users: Will you be working with users within an entire enterprise, or just the app?
Types of Content: Do you need to access and manage data within the enterprise?
Default Scopes: Read / Write (A,E), Manage Users (A,E), Manage Groups (A,E), Manage Enterprise Properties (E).
18. Purpose: Perform actions on behalf of another user.
Capabilities:
• Needed for full SDK functionality for user actions (As-User header)
• Allows you to properly manage users, their content, and actions.
19. Purpose: For JWT applications, create individual OAuth 2 tokens for users.
Capabilities:
• Needed for full SDK functionality for JWT application user actions.
• Allows you to bypass the need for credentials in the typical OAuth 3-legged flow.