Skip to main content
Question

QUESTION: Best Practice - Managing App Users

  • May 21, 2025
  • 3 replies
  • 30 views
C
Forum|alt.badge.img

Hi,

 

What would you recommend is the best practice for managing app users:

A) Create once, store the app user ID in config, reuse for the lifetime of the application?

B) Create a new app user for every session of work and delete it at the end of the session?

 

The tutorial (https://docs.box.com/v2.0/docs/app-users) shows how to get an admin token, create a new app user, use it to do my work, and then deletes the app user. Under regular app use, would I create the app user once and then store the app user ID in my config to be reused for the lifetime of my application? Or is it best practice to create a user just for the duration of my session, and create a new user every time the application runs?

 

I'm using OAuth 2 with JWT for my app that interacts with Box using the C# (.NET Core) SDK.

 

Thanks!

 

- Abbas

    3 replies

    C
    Forum|alt.badge.img

    Hello,

     

    I would say that depends on your use case but I haven't even thought about that usage of creation and destruction of app-users per session. If that suits your use case can be a good approach but you will loose traceability of who creates the documents.

     

    Which will be the actions to be used by those users? upload documents or download them? because to download documents, those APPUSERS will have to have access to the specific folders where the documents are... So, you will have to create them, add them as collaborators on folders, download documents... 

     

    I do not know if is an agile approach.

     

    Thanks

     

     

    C
    Forum|alt.badge.img

    My conclusion in this is A) Create once, store the app user ID in config, reuse for the lifetime of the application. My reasoning goes back to ' comment -- I don't want to have to recreate permissions everytime.

    C
    Forum|alt.badge.img

    Hello ,

    good! 🙂

     

    If that answers the question, please could you mark any of the two posts on the thread (previous to this one) to close the topic so will appear as solved on the list of topics? 🙂

     

    Thanks!

    Terms of ServiceAccessibility statement