Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

Grant permission to a 3rd party application to upload files on behalf of other users

Answered
New post

Comments

3 comments

  • cbetta

    Hi ,

     

    You have a few ways you could approach this. If you go for traditional OAuth 2.0 you can then have a user "log in" with Box and grant you access to write files to their Box account. This would give you a lot of access which might not be what they want, as you will be able to see and write to all their files and folders. The access token for this is valid for 60 minutes, but the refresh token is valid for 60 days, so in theory you can stay authenticated for each user indefinitely.

     

    A better approach might the the following: your application uses JWT to upload the files to a folder owned by your app's service account. You would have a folder for each user you want to share files with, and then you collaborate that Box user into that folder. That way, you don't even need a user to authenticate with you at all. Instead, all you'd need is their email address. 

    0
    Comment actions Permalink
  • JRoeland

    This will do 🙂

    Thanks!

    0
    Comment actions Permalink
  • dallinski

    I'm working on a very similar setup and came to basically the same conclusion as what you stated. But I have one follow-up question: if you use the approach that you propose, you would be limited by the size of your Box account, right?

     

    So if my app uploads 100GB to a folder that Company A is a collaborator on, and 100GB to a folder that Company B is a collaborator on, etc, I would eventually max out my allotted data, right? 

    0
    Comment actions Permalink

Please sign in to leave a comment.