Free developer accounts - PLEASE READ
We want to make you aware of a recent effort by certain third-party bad actors to leverage free Box developer accounts in a social engineering attack on certain Box free individual accounts. Upon discovery of this issue, Box decided to temporarily disable new sign-ups for free developer accounts while we work to implement additional technical controls to prevent similar efforts in the future. The security and integrity of our Service is of utmost priority to Box, and we must ensure that we are providing the most secure product experience to our customers.
We understand that some Enterprise customers use these free developer accounts for their own business purposes, and that they may have questions about their inability to sign-up new free accounts. Please use the following talking points when addressing these Customers’ questions or concerns:
- Any free developer accounts that were in place before March 9, 2023 are unaffected by this action;
- Customers may continue to use these pre-existing accounts, in particular they may continue to invite new/additional collaborators within their organization to work within those existing developer accounts;
- Enterprise customers always have the ability to start a sandbox environment for non-production development purposes.
- No timeline for turning the console on, but we are working through making the process more secure.
As updates become available, we will share those more broadly with account teams and any customers who have questions about this issue. In the meantime, please reach out to box-notifications-team@box.com with additional questions or concerns.
-
What does this mean?
If your current developer account has both access to the administrator console and the developer console, you're golden, keep working.
If you are working for a Box enterprise customer they can request a sandbox, which is an isolated Box environment, to proceed with your coding.
For details about the sandbox, take a look at this support note.
If you do not have access to a Box enterprise account, you can still use the free account but you will be limited to OAuth2 authentication applications. Of Course you can always generate a developer token.
For most use cases, this will be sufficient, and you'll be able to work with most of the API endpoints, that deal with:
- Read and write files
- Manage users and groups
- Manage webhooks
- Make API calls with the as-user header
-
What are the steps?
Create a Box free individual account, no credit card required.
Complete the registration process
Make sure you are logged in, and at this point you won't see the developer console on your browser.
Navigate to https://app.box.com/developers/console, and you now have access to the developer console.
Create an application, and select "custom app".
Click next, and then select "User Authentication (OAuth 2.0)"
Click next, scroll down to Redirect URI's and add your callback URI.
Scroll down to Applications scopes and select what you need.
Save the changes.
If you go back to your account, you will now see the developer console menu icon.
You're done!
-
As a bonus, we've created a sample template app using python that can get you started right away.
Check out this GitHub repo.
Please sign in to leave a comment.
Comments
3 comments