Box Service Account Connection
Learn how to create a connection to a Box Service Account.
Written by Andrea Harvey
Updated at July 22nd, 2025
Table of Contents
Overview
The Box connector in DryvIQ enables you to analyze, migrate, copy, and synchronize files from your Box account to cloud storage repositories and on-premises network file shares. The first step is to create the Box connection by providing the connection information required for DryvIQ to connect to the server. The connector can be made using a standard Box account or a Box Service Account. Service Accounts have additional advantages, such as improved rate limits and optimizations for migrations, that should be considered when defining a project.
Box Standard Account
Please refer to Box for information regarding how to create a standard Box connection.
Simulation Mode
Even though simulation mode doesn’t move data, Box will identify activity on accounts during simulation mode. Therefore, your Box administrator should disable Box security notifications when Box is the source connector for copy jobs or when Box is used in sync jobs. This prevents users from getting security notifications about activity on their accounts.
Creating a Connection
- Expand the Manage section in the left navigation menu.
- Click Connections.
- Click Add connection.
- Select Box (Service Accounts) as the platform on the Add connection modal.
- Enter the connection information. Reference the table below for details about each field.
- Test the connection to ensure DryvIQ can connect using the information entered.
- Select Done.
| Field | Description | Required |
|---|---|---|
| Display as | Enter the display name for the connection. If you will be creating multiple connections, ensure the name readily identifies the connection. The name displays in the application, and you can use it to search for the connection and filter lists. |
Optional |
| User type | Required | |
| Connect as standard user | Select this option to create a standard connection that allows access to a user's files and folders. This is the default selection. |
|
| Connect as account administrator | Select this option to create an administrator connection. This requires administrator privileges and grants access to all accounts within the organization. This option is often used along with impersonation to simplify transferring multiple user accounts. When connected as an administrator, the first level of folders will be user names. | |
| Client ID | Your administrator will provide this value. It can be found in your Box Developers Console or the boxAppSettings section of {{public key}}_config.json. | Required |
| Client Secret | Your administrator will provide this value. It can be found in your Box Developers Console or the boxAppSettings section of {{public key}}_config.json. | Required |
| Enterprise ID |
Enter the Enterprise ID if the connection will list content for all users on your connection root. This field is not required when an Account ID is being used.
The Enterprise ID cannot be used with an Account ID; the options are mutually exclusive. |
Required if not using an Account ID |
| Account ID |
Enter the account ID (user ID) if the connection will impersonate a single account. This field is not required when an Enterprise ID is being used.
The Account ID cannot be used with an Enterprise ID; the options are mutually exclusive. |
Required if not using an Enterprise ID |
| Public Key ID | Enter the public key for the account. This value can be obtained from your manually generated keypair or in the boxAppSettings section of {{public key}}_config.json. | Required |
| Private Key |
Enter the private key for the account. This value can be obtained from your manually generated keypair or in the boxAppSettings section of {{public key}}_config.json.
When you download the {{public key}}_config.json, the private key is displayed in the privatekey element. It looks something like this:
"privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\xYZXYZxYZXyzxyzx.....................A0b0CAB0cAbCaBcabcabCA+B\noi0=\n-----END ENCRYPTED PRIVATE KEY-----\n",
You only need to add the values between the quotation marks. In the above example, you would add the following as the private key:
-----BEGIN ENCRYPTED PRIVATE KEY-----\xYZXYZxYZXyzxyzx.....................A0b0CAB0cAbCaBcabcabCA+B\noi0=\n-----END ENCRYPTED PRIVATE KEY-----\n |
Required |
| Password | Enter the password for the account. This value can be obtained from your manually generated keypair or in the boxAppSettings section of {{public key}}_config.json. The password is generated by Box when created via the download keypair from your Box Developers Console. | Required |
| Behavior When Deleting Items |
Select the type of deletion DryvIQ should perform when deleting items: Permanent or Soft.
Soft delete is the default behavior. A soft delete marks items as deleted. You can still access them to restore or permanently delete the items.
Permanent delete is the recommended behavior. A permanent delete removes the items. This deletion is not reversible. |
Optional |
Features and Limitations
Platforms all have unique features and limitations. DryvIQ’s transfer engine manages these differences between platforms, allowing you to configure actions based on Job Policies and Behaviors. The information below is platform-specific. Use the Platform Comparison tool to see how your integration platforms may interact regarding features and limitations.
| Supported Features | Unsupported Features | Other Features/Limitations |
|---|---|---|
| Version Preservation | Restricted Types |
File Size Maximum: Varies See below for more information. |
|
Timestamp Preservation |
Path Length Maximum: N/A See below for more information. |
|
|
Author/Owner Preservation |
Segment Path Length: 255 | |
|
File Lock Propagation |
Invalid Characters: \ / Emoji characters in file and folder names will be replaced with an underscore. |
|
|
Mirror Lock Ownership |
No trailing spaces in folder names, file names, or file extensions | |
|
Account Map |
No non-printable characters DryvIQ will not filter any non-printable ASCII characters. |
|
|
Group Map |
Box has download limitations for the number of folders and files contained in one folder. Please refer to Box documentation for further details. | |
| Permission Preservation | Box accounts that do not have administrator-level access cannot remove group permissions on files during a job transfer. | |
|
User Impersonation |
The maximum tag size in Box is 255 characters. You can enter more characters than the maximum, but Box will truncate it down to 255 characters. | |
|
Metadata Mapping |
Google document types created natively on Box can be moved and will retain their formatting. However, they will have the native Google file extensions (.gdoc, .gsheet, etc.). | |
| Tags Map |
Account Map
DryvIQ will use an account’s email address as its username, allowing the account to be automatically mapped when selecting to map by username when creating the account map.
Box Comments
DryvIQ does not support transferring Box comments from folders and files.
Box Notes
DryvIQ offers the option to convert Box Notes when migrating to other platforms. This option is enabled through the Allow Rendition option on the Behaviors page when creating a new job.
- When enabled, Box Notes will be transferred to the destination as .docx files.
- When disabled, Box Notes will be transferred to the destination as .json files.
Box Notes Versions
You can choose to have DryvIQ always transfer all versions of Box Notes by editing the Box suppress_notes_versions configuration option. See Configuration Options for more information.
Perfromance Impact
Enabling renditions will cause your job to run slower since Box doesn't support native event detection for Box Note files and must crawl to detect changes.
Job Behavior
The job will handle Box Notes in the following way to ensure job performance.
- The first job run will pick up all box notes.
- Delta job runs use Box native event detection to identify changes. Since Box doesn’t support native event detection for Box Notes, Box Notes files will be ignored. There may be exceptions where Box reports changes to Box Notes. When this occurs, the job will pick up the changes.
- To migrate updated Box Notes, you will need to perform a soft reset on the job. The job will perform a full crawl of the content, migrating the updated Box Notes. This is recommended at the end of a job to ensure all Box Notes updates are transferred.
Supported Box Notes Features
|
|
|
Unsupported Box Notes Features
- Preview image via link. Preview images are not supported when converting Box Notes to .docx files since there is not enough information available for DryvIQ to download the image.
- Call Out
- Table of Contents
- Edits to the .docx file on the destination are not transferred to the original Box Note on the source for sync jobs.
Box Enterprise Plus
Box Enterprise Plus offers a maximum file size upload limit of 32 GB. DryvIQ requests the maximum file size limit from Box; DryvIQ places no artificial limits. When creating any Box connection, DryvIQ will evaluate the user profile and retrieve the max_upload_size parameter.
Character Sanitization
DryvIQ will sanitize file names that contain combined Unicode characters by replacing the characters with an underscore (_).
Content Created by External Users
Externally Shared Content Box to Google
Externally shared content will migrate from Box to Google. External users will receive an email notification from Google, indicating that content has been shared with them. On the Google platform, you can see the permissions applied to the external collaborator under “Manage Access.”
File Size Limits
The maximum file size limit for uploading to Box can range from 250 MB to 150 GB, depending on your Box account. There is no maximum file size limit coded with DryvIQ. Instead, DryvIQ will evaluate the user profile and retrieve the max_upload_size parameter when the Box connection is created. DryvIQ will respect the limit provided as the maximum file size for this connection. See Box's Understand the Maximum File Size You Can Upload to Box support document for more information.
Folder Size Limits
Box limits folder contents to 15,000 files but recommends keeping the number of files to no more than 10,000 to ensure optimal performance. DryvIQ follows the 10,000 file limit per folder. If a folder has more than 10,000 items, DryvIQ will flag it with the error, “The path exceeds the maximum number of 10,000 children.” Refer to the Box Support forum for more information about Box subfolder limits.
Group Maps
When creating a group map with Box as the destination, you must provide the Box ID for the map to function correctly.
Invalid Characters and Spaces
DryvIQ verifies file and folder names to identify unsupported characters based on the platform. It then replaces invalid characters with an underscore (_) so the files and folders can be transferred.
The logic includes leading and trailing spaces in file and folder names. DryvIQ replaces the space rather than trimming it because trimming the space could cause duplicate file names. Adding the underscore ensures the name remains unique.
Emoji characters in file/folder names will be replaced with underscores.
Link Format for Link Remediation
When remediating links from Box, only links in the following format are supported:
<https://<tenant>>.app.box.com/file/<platform id>
<https://<tenant>>.app.box.com/folder/<platform id>
<https://<tenant>>.app.box.com/integrations/officeonline/openOfficeOnline?fileId=<platform Id>&sharedAccessCode=
Owner Permissions
DryvIQ doesn’t expose owner permissions when migrating from Box. When the account running the job is the owner of the content but the user map between that account and the destination account doesn’t match, DryvIQ won’t grant privileges to the audit trail creator, so the owner will not be able to access the content.
Path Lengths
Box does not impose restrictions for the total path length; however, segment path lengths are limited to 255 characters. Segments are delimited by a forward slash (/). For example, <max 255 characters>/<max 255 characters>.
Server System Clock
Your Box connection from DryvIQ will fail to establish a successful connection if the DryvIQ server system clock time is ahead of the Box platform time because the access token will expire by the time it is returned from Box. Therefore, you must ensure the time on the server running DryvIQ is set to the same time as the Box platform or, preferably, a minute or two behind.
The Box platform uses UNIX time; you can find the UNIX timestamp by visiting https://www.unixtimestamp.com/. Enter the current UTC time of the DryvIQ server on this site to get the UNIX time of Box and the application server.
Shared Links
When transferring from Box, DryvIQ will filter out links shared with specific users and log an entry in the audit log that the shared links were not preserved due to the global sharing policy.
Version Preservation
Each Box account type is limited to the maximum number of file versions that can be accessed. This means that while the UI shows as many versions as you upload, you can only access a certain number of versions. In addition to the default version maximum, account administrators can set the maximum number of file versions to save and track for the account. Both the default file version maximum and any custom version settings added to the Box account affect version transfers. Please refer to Box’s version history documentation to understand the version limitations of your account.