Question

Authentication to be used for background automation

Forum|Forum|1 year ago
May 22, 2025
3 replies
46 views

community-manager
Box Employee

Which authentication can be used for background automation?

For example, suppose I want to push the files from local drive to the box without any manual intervention for longer duration.

OAuth 2.0 cannot be used in this case as every time an application uses the Refresh Token to get a new Access Token the Refresh Token is invalidated and a new Refresh Token is returned with the new Access Token. This new Refresh Token is then again only valid for 1 use within 60 days.

When an Access Token is requested using JWT or Client Credentials Grant or App Token Auth, the data is stored within the application's Service Account and not a user's account

C

community-manager
Author
Box Employee
Forum|Forum|1 year ago
May 22, 2025

Hi Rashmi

In the scenario you are describing I would recommend you using either JWT or Client Credentials Grant as you have discovered. You are correct that initially this will authenticate as the service account associated with the application. You have three options:

1. Invite the service account as collaborator on the folders you need to push files to. https://developer.box.com/guides/collaborations/share-content/

2. Use the 'As-User' header to impersonate the user you want to perform the upload as (and who has access) https://developer.box.com/guides/authentication/jwt/as-user/

3. Generate an access token for the user you want to perform the upload https://developer.box.com/guides/authentication/jwt/user-access-tokens/

Best regards,
Peter Christensen, Platform Solutions Engineer, Box