Box Embed - Not able to Add/Remove/Edit with Expiring Shared-Links
I got this product where I have customers. For each customer I create a folder on Box, using the box api. Then every time I go to a customer details page, we want to show all that customer's documents coming from box. Every customer in our app will have a folder in BOX that was created using the api. For that, I'm doing this:
When tried to display a customer's documents, our app uses the API to create/update a set-to-expire Shared-Link to that customer's folder, and then show the embed widget with all the sub-folders and files in our website.
Now the problem is that, I would like to be able to directly add/remove/edit files from that embed widget, only on that customer's folder. And at the same time, make it easy which means, I would expect the widget let us directly do those actions without the need of signing in with a box account every time?
Right now the sharedlink doesn't let me do that it seems like, only VIEW and Download. And what I want to avoid is to implement custom UI and backend to control those actions ourselves through API calls. We were really expecting the widget make all that transparent to our app and the user when working with customers in our website.
I don't think you can achieve this without having a user authenticate to Box, either from the web or via API. The shared link you have created is an 'open' shared link which means everyone with the link could potentially access the files in the folder for viewing and/or downloading. Any edits or deletes of content would have to be done by an authenticated user token or session.
Peter Christensen, Platform Solutions Engineer, Box
What you are suggesting looks like the way to go then. I'm gonna take a look at the UI elements dev notes but per what I just checked real quick, it should do it for us.
I really thought for a sec, that we could make it work with the embed and expiring shared links. Just think about it, our app would be: creating/updating an "expiring"-shared-link with password (auto-generated by our code) to a folder every time any customer's files needs to be looked at. Customer's documents are not checked that often, so that's why that should do it for us. Then the link and password would be expiring after a few minutes. Not perfect but still secure and of course, easy integration! :-)
Please sign in to leave a comment.