Custom login form on website
I would like to use the API to allow users on my website login to box.com. However, I would like to use my custom form on my website where user can type username and password, click login button and he will be logged in and redirected to box.com site.
Is it possible with the API?
If it is, which endpoint should I use and what should be in the body?
We do not allow this as although your intentions are good, bad actors would be able to utilize this for phising and other types of attacks and general OAuth guidelines suggest to steer well clear of 'password grant' type API. For custom apps access to Box we provide two secure routes. Client side OAuth 2.0 and server side JWT and Client Credentials grant. See this overview of which type of app to use based on your requirements.
Peter Christensen, Platform Solutions Engineer, Box
Please sign in to leave a comment.