Skip to main content

Hi everyone,

I'm seeking assistance with configuring a Box application to retrieve files from a specific folder using their API. I have an admin account on Box.com where the files reside.

My goal is to achieve this using Client Credentials Grant authentication. However, when I create a new app in the Developer Console, it requires authorization before I can obtain an access token.

Here's the challenge: I want to deploy a script on my WordPress website that automatically downloads a file daily from the Box folder and utilizes it for specific tasks. However, the Developer Console currently identifies me as an admin, not a developer. This restricts my app from accessing the files via API.

Previous Attempt:

I tried creating a separate developer account and adding it as a collaborator to the main (admin) account. This allowed me to verify and authorize the app, obtaining an access token. However, I'm concerned that a developer account wouldn't grant access to the specific files within the folder I need.

Request for Help:

I'd appreciate any guidance on how to achieve this objective while maintaining the security of the files on Box.com.

To configure your Box application to retrieve files using the Client Credentials Grant authentication, you’ll need to ensure that your app is properly authorized and has the necessary permissions. Here are the steps you can follow:

Create a Custom App:
Go to the Box Developer Console and create a new custom app.
Select “Server Authentication (with Client Credentials Grant)” as the authentication method1.
Authorize the App:
As an admin, you need to authorize the app in the Box Admin Console.
Navigate to the Authorization tab for your application within the Developer Console and submit the app for approval.
Set Up Application Access:
Ensure that your application has the appropriate access level. By default, it can only interact with its Service Account and any App Users.
To access existing Managed Users of an enterprise, set the Application Access to “App + Enterprise Access” in the Configuration tab.
Configure API Calls:
Use the Client Credentials Grant to obtain an access token. Your request body should include your client ID, client secret, and set the grant_type to client_credentials.
If you want to authenticate as the application’s Service Account, set box_subject_type to enterprise and box_subject_id to your enterprise ID.
Here is an example of how to make the API call using cURL:

curl -i -X POST "https://api.box.com/oauth2/token" \
  -H "content-type: application/x-www-form-urlencoded" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "grant_type=client_credentials" \
  -d "box_subject_type=enterprise" \
  -d "box_subject_id=YOUR_ENTERPRISE_ID"

Deploy the Script on WordPress:
Once you have the access token, you can use it in your script to make API calls to Box and retrieve the files.
Schedule the script to run daily using a cron job or a WordPress plugin that supports scheduled tasks.


Reply