Box Platform has a new way for Developers to authenticate their apps. For server-server applications the Client Credentials Grant Type is now available.
This grant type is best used when creating machine to machine integrations and when no end-user authentication is needed. This grant type makes it easier and faster to prototype or script against the Enterprise as the Service Account user. Unlike JWT Auth, Client Credentials Grant does not require a Developer to decrypt a public/private key pair.
Developers can choose this grant type when creating new apps. Once selected, a Developer will use the Client ID and Client Secret to make an authenticated call. To give Admins more visibility and control over what apps they approve, we will now include the Auth Method of the application in the Enterprise Authorization request.
Additionally, we now restrict the switching between Auth Methods once an app has been created. To select a different Auth Method, create a new app from the Dev Console home page.