First step: Picking the right authentication method



1 comment

  • braden



    Thanks for reaching out to the Box Community! While I can't tell you absolutely which auth type you should use, I can provide some further information for you about what happens when your app makes calls with those two auth types.


    A JWT app will always make its calls through a special type of user called a Service Account. The app could make use of an As-User tag to impersonate another user, but fundamentally, it starts the call with a request being sent out from that service account.

    An OAuth 2 Standard app, however, makes its calls from the user who allowed access to the app with the Authentication process. The redirectURL is an integral part of this process. It's important to note that JWT apps must be explicitly approved by an admin from the Admin Console in order to work in a Box enterprise, whereas OAuth 2 Standard apps must only be allowed to function in the enterprise (depending on security settings), and will be authorized by the user themselves to access content and make calls as the user. It's also important to note that only OAuth 2 Standard apps can be listed in the Box App Store.


    It sounds like your best bet for your use case would be OAuth 2 Standard, but either option would probably be just fine for what you're building. Let us know if you have other questions, and thanks for your post on the Developer Forum!




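An added example, not part of the reply above and not Box's own code: it contrasts whose identity each auth type uses, showing the OAuth 2 Standard authorize URL and redirect callback check beside the claim set a JWT app signs to get a Service Account token, plus the As-User header. Assumptions: the function names and sample IDs are hypothetical, the endpoint URLs and claim names are taken from Box's public API documentation rather than this page, and RS256 signing and the HTTP calls are left out.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Endpoints as given in Box's public API docs (not stated on this page).
AUTHORIZE_URL = "https://account.box.com/api/oauth2/authorize"
TOKEN_URL = "https://api.box.com/oauth2/token"

def oauth2_authorize_url(client_id, redirect_uri, state):
    """OAuth 2 Standard: the user is sent here and authorizes the app themselves."""
    query = {"response_type": "code", "client_id": client_id,
             "redirect_uri": redirect_uri, "state": state}
    return AUTHORIZE_URL + "?" + urlencode(query)

def oauth2_code_from_callback(callback_url, registered_redirect, expected_state):
    """Take the code only from the registered redirect URL carrying our own state."""
    got, want = urlparse(callback_url), urlparse(registered_redirect)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback is not the registered redirect URL")
    params = parse_qs(got.query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]  # exchanged at TOKEN_URL for that user's token

def jwt_service_account_claims(client_id, enterprise_id, now=None):
    """JWT app: the subject is the enterprise, so the token is the Service Account's."""
    now = int(time.time()) if now is None else now
    return {"iss": client_id, "sub": enterprise_id, "box_sub_type": "enterprise",
            "aud": TOKEN_URL, "jti": secrets.token_hex(16),
            "exp": now + 45}  # short-lived; Box documents a 60 second maximum

def api_headers(access_token, as_user_id=None):
    """Adds As-User only when a Service Account call should act as another user."""
    headers = {"Authorization": "Bearer " + access_token}
    if as_user_id is not None:
        headers["As-User"] = str(as_user_id)
    return headers
```

The claim set still has to be signed with the app's private key and posted to the token endpoint before any API call is made.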
