The Box Platform provides rich content services to create secure, enterprise-ready web and mobile applications with engaging experiences for end-users. While Box Integrations allow partners and customers to connect their application to the Box ecosystem, Box Platform allows developers to use Box's content services as stand-alone components within their own application.
To support developers building with Box Platform, we've introduced a server-to-server authentication option and an API-based user model.
- App Auth: Box’s authentication feature allows your application to authenticate directly to Box using a JSON Web Token (JWT) grant and RSA keypair. This authentication replaces the first leg of the standard 3-legged OAuth process in which a user grants an application permission to access the user’s Box account, removing the friction of multiple logins and services for your users.
- Application Users: a type of full-featured enterprise Box account that belongs to your application, but not a Box end-user. Unlike typical Box accounts, these accounts do not have an associated login and can only be accessed through the Content API by the controlling application and associated Box user id. This new user model allows the application to take advantage of groups, permissions, collaborations, comments, tasks, and the many other features offered by the Box platform.
In the standard Box integration, applications integrate directly with pre-existing Box accounts, granting access to user-specific content; however, these accounts remain owned by the end-user and their associated enterprise. With App Auth and App Users, developers have access to all of the functionality of Box’s Content API while also owning the user authentication, user accounts, and content associated with their application.