Skip to main content

I am a bit confused about the application type and authentication method best suited for my use case.





  • I want to build an application, which should be published into the box app centre.


  • The application should add context menu items to the existing box cloud


  • Users with the box cloud account are the expected users. They will select a file or folder and click the context menu option.


  • Context menu item click - should invoke our API., with information about the selected file or folder.


  • The application should have permission to download and upload files.




The main concern is that I want a long-lived token. I don’t want to re-authenticate for every call of a user a short-lived token.


If multiple Organizations installed the application, How do we differentiate the organization?



Thanks, Sarin

Can you show me a screenshot of what you mean by “content menu items?”



In this case, your option would need to be OAuth 2.0, as they don’t allow JWT/CCG apps to be presented in the Box App Center.



What you are describing sounds to be our Web App Integrations offering.



As stated in that documentation, your integration/popup receives a short-lived authorization code with this request, which can be used to connect to the Box APIs, exchange the code for an Access Token, and then use that to make subsequent API calls to Box.



You can find out more about the token options here. There isn’t a “long lived token” option for your use case. The token you would get has 60 minutes of use time, with a refresh token that can be used up to 60 days later.



Long lived token are only valid for Box View use cases where there isn’t an underlying user model. That type of app would not be in the App Center though.


Thanks @smartoneinok.


You are right, the Web App Integrations offering is the one I was looking for.



Thanks, Sarin


This topic was automatically closed 4 days after the last reply. New replies are no longer allowed.


Reply