Skip to main content

I have a business enterprise web application that I built in PHP and it is hosted on BlueHost.



I have an entity named Attachment that is a many to one to a separate entity called Ticket. The Attachment entity represents a file attachment for a Ticket. The way it currently works to upload it is:





  1. I give the file a unique name (random GUID + extension)


  2. I upload the file to the file system


  3. I save a new instance of the record referencing the filename in the database




Then to download it I:





  1. Get the Attachment record by its Id


  2. Search the file system by the filename defined in the record


  3. Return the file by its filename




This worked fine, but I ran into an issue where I was running out of memory on the server, so I talked with the client and convinced them to a cloud based storage solution and we settled on Box.



Now I’m attempting to migrate from using the file system to using Box. I have already created two directories (one for production and one for staging) and uploaded the files from the server to Box. But I’m having a difficult time figuring out how to upload/download the files. Most of the documentation either suggests having the user login using OAuth 2.0 or by using JWT.



So I have created an app using JWT as the authentication, I authorized the app for enterprise, and I have also generated a private/public key. After that, I’m a bit confused. Typically I’d expect to see something like:





  1. Make an API call to generate a JWT token


  2. Make an API call to find the file’s ID, passing the JWT token as a bearer token


  3. Make an API call to download the file based on the ID, passing the JWT token as a bearer token




But the documentation isn’t exactly obvious what my next steps are.

I’ve gotten this to work with an Authentication Type of Client Credentials Grant. I looking now to convert my application to use JWT. It seems this is required in order to utilize the box:cli SDK.



I, too, am developing in PHP. I work with the Laminas Framework. With no SDK for PHP, I utilized the cURL API and created my own frontend. If you have interest, let me know.


I deleted my app in box and followed the steps to create an App Token here: https://developer.box.com/guides/authentication/app-token/app-token-setup/



This allows me to bypass the need to generate a JWT token.



I am having issues with the cURL request to file the file’s ID based on the filename, but I will post a separate question for that.


Generating a JWT can be a cumbersome process, not sure in PHP, but you do need to decrypt the private key, build the JWT assertion to get the access token.



Perhaps CCG, that just requires client id and secret to get an access token is easier to implement.



Let us know



Best regards


Hi Dear Could you help me to doing this


Reply