Overview

When you create a Box App in the Box Dev Console, a Box service account is automatically created to represent the application. This page explains how to prepare your account for integration with the DryvIQ platform. 

Enable Two-Factor Authentication

You will need to have a Box account with two-factor authentication enabled to create the Box App. The instructions below explain how to set up two-factor authentication using an authenticator application, since this is the recommended method. If you prefer to use SMS text messages or email as a two-factor authentication method, refer to the instructions available through Box Support for setting up these methods of two-factor authentication for your account. If your account already has two-factor authentication enabled, you can skip this section. Otherwise, follow the steps below. 

1. Log in to https://app.box.com.
2. Click your user icon in the upper-right and select Account Settings.
   
   
3. On the Account tab, scroll to the 2-Step Verification section and click Set up.
   
   
4. Verify Authenticator App is selected and click Next.
   
   
5. Box will display a QR code. Scan it with the authenticator application you are using to generate a six-digit authentication code. Enter the code and click submit.
   
   
6. Enter the mobile phone number that will be used for account recovery and click Submit.
   
   
7. Box generates three account recovery codes that can be used to access your account in the event you lose your device. You should keep copies of these codes in a safe location. Click Close to continue.
8. The  “Authenticator App” will display as “Enabled.”
   

   

Create a Box app from the Box Dev Console

To create your Box app, do the following:

1. Log in to the Dev Console for your Box account.
2. Click Create New App.
3. Click Custom App.
   
   
4. Enter a name and description for your App.
   
   
5. Specify the Purpose and click Next.
   
   
6. On the Authentication Method screen, select Server Authentication with JWT (Server Authentication) and click Create App.
   
   
7. You will be taken to the Configuration page for your new app.
8. Scroll to the OAuth 2.0 Credentials section and find your Client ID. You will use this Client ID to authorize your app on the Admin Console. Click COPY next to the Client ID to copy it to your clipboard.
   
   
9. Scroll to the App Access Level section and select App + Enterprise Access.
   
   
10. Scroll to the Advanced Features section and select the Make API calls using the as-user header and Generate user tokens boxes.  
    
    
11. Scroll to the Add and Manage Public Keys section and click Generate a Public/Private Keypair. This downloads a file that contains the information needed to create the Box connector in the DryvIQ Platform. Save the keypair file ({public key}_config.json) locally for future reference.
    
    This file is not be saved in Box, so it is important that you save this file somewhere where you can access it when you need to create your connection in the DryvIQ Platform.
    
    
12. Click OK to close the file download screen.
13. Click Save Changes in the upper-right side of the page.

Alternate Options

Box requires two-factor authentication to generate a public/private keypair, but two-factor authentication is not applicable when single sign-on is enabled on Box. In this scenario, you can use one of the following alternative methods to generate the public/private keypair.

Alternate 1: Add another account with two-factor authentication enabled as a collaborator to the app.

1. In the Developers Console, select the app.
2. Scroll down to the Collaborators section and click Add New Collaborator.
3. Enter the email address for the account that has two-factor authentication set up and click Add.
4. Log in to Box as the collaborator
5. Go to the Developers Console and select the app.
6. Select the Configuration tab.
7. Scroll down to the Add and Manage Public Keys section and click Generate a Public/Private Keypair.

Alternate 2: Generate Keypair Manually. This option requires OpenSSL or Cygwin package.

Authorize the app from the Box Admin Console

Perform the following steps to authorize your Box app:

1. Access the Admin Console for your Box account.
2. Click Integrations from the left menu.
   
   
3. Select Platform Apps Manager.
   
   
4. Click Add Platform App (the + on the right side of the page).
   
   
5. Enter the Client ID for the app and click Next. (This was the Client ID you copied in step 8 of the instructions for creating the app.)
   
   
6. Confirm that the Application Access is “All Users” and click Authorize.
   
   
7. Confirm that the app you added is listed in the Custom Apps Manager. The Authorization Status should indicate Authorized.
   
   
8. To review the app configuration, hover on the app in the table and click the View button that displays.
   
   
9. Confirm App Access is set to All Users.
   
   

If App Access is not set to All Users, one of the settings is incorrect. You must return to the Dev Console and edit the following settings for the app:

1. Set App Access Level to App +Enterprise.
2. Under Advanced Features, select Make API calls using the as-user header and Generate User Access Tokens.
3. Click Save Changes in the upper-right side of the page.
4. Return to the Box Admin Console and go back to the Custom Apps Manager page.
5. Click the … next to the View button for the app.
   
   
6. Click Reauthorize App in the menu that displays.
   
   
7. Confirm the Application Access column now shows All Users and click Reauthorize.
   
   

Grant Access for the Application in Your Enterprise

The App Key is the Client ID. It can be found in the Developers Console on the application’s Configuration tab. Additional information can be found in Box’s Custom App Approval documentation.  

Box Service Account Connection Parameters 

Below are the required parameters to create a Box Service Account connection in the DryvIQ Platform. Refer to Box Service Account for complete instructions on creating the connection.