Limit app to one folder on Box




  • Official comment

    Hi Ravi,

    In addition to what @ruchikosh mentioned, I'd recommend taking a look at our token downscoping capabilities to limit access to only 1 file or folder. Just to give an example of this, here's what the downscoping call looks like in Node:

    client.exchangeToken('item_preview', 'https://api.box.com/2.0/files/123456789')
      .then(tokenInfo => {
        // tokenInfo.accessToken contains the new downscoped access token
      });

    The first parameter to exchangeToken, item_preview, allows you to specify what you can do with the resource (in this case preview only), then the second param is the resource identifier to restrict the downscoped token to (in this case a file with ID 123456789).

    That should provide the capabilities to restrict tokens to specific resources.

    - Jon

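The downscoping call described above, written against Box's token exchange endpoint directly and restricted to one folder. This is an added example, not part of the original post or of the Box SDK: the function names, the scope allow-list and the placeholder token are assumptions made for illustration, and the folder ID reuses the 123456789 value from the thread.

```javascript
// Added example: builds the token-exchange request that downscopes a Box
// access token to a single file or folder. Nothing is sent over the network
// unless downscope() is called with a real parent token.
const TOKEN_URL = 'https://api.box.com/oauth2/token';
const API_BASE = 'https://api.box.com/2.0';

// Assumption: an allow-list chosen for this example; trim it to what the app needs.
const ALLOWED_SCOPES = new Set([
  'item_preview', 'item_download', 'item_upload', 'base_explorer', 'base_preview',
]);

function buildDownscopeRequest(parentToken, scopes, item) {
  if (!parentToken) throw new Error('parent access token required');
  if (!Array.isArray(scopes) || scopes.length === 0) throw new Error('at least one scope required');
  const rejected = scopes.filter((s) => !ALLOWED_SCOPES.has(s));
  if (rejected.length) throw new Error(`scope not allowed: ${rejected.join(', ')}`);
  // Always require a resource, so the new token can never span the whole account.
  if (!item || !['file', 'folder'].includes(item.type)) throw new Error('item.type must be "file" or "folder"');
  if (!/^[0-9]+$/.test(String(item.id))) throw new Error('item.id must be numeric');
  // Folder ID 0 is the account root: restricting a token to it restricts nothing.
  if (item.type === 'folder' && String(item.id) === '0') throw new Error('refusing to scope a token to the root folder');

  const body = new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',
    subject_token: parentToken,
    subject_token_type: 'urn:ietf:params:oauth:token-type:access_token',
    scope: scopes.join(' '),
    resource: `${API_BASE}/${item.type}s/${item.id}`,
  });
  return { url: TOKEN_URL, method: 'POST', body };
}

// Sends the request and returns the downscoped token (requires Node 18+ for fetch).
async function downscope(parentToken, scopes, item) {
  const { url, method, body } = buildDownscopeRequest(parentToken, scopes, item);
  const res = await fetch(url, { method, body });
  if (!res.ok) throw new Error(`token exchange failed: HTTP ${res.status}`);
  return (await res.json()).access_token;
}

// Constructed sample input: placeholder token, folder ID taken from the thread.
const sample = buildDownscopeRequest(
  'PARENT_TOKEN_PLACEHOLDER', ['item_preview', 'base_explorer'],
  { type: 'folder', id: '123456789' });
console.log(sample.body.get('resource'), '|', sample.body.get('scope'));
```

Hand only the downscoped token to the client or browser; the parent token stays on the server.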
  • ruchikosh

    You can use JWT authentication over standard OAuth; that would allow you to create an application account in Box to which only the application user would have access initially. The application user name would start with "AutomationUser_...", which can be found out after authenticating the application and using the GetCurrentUser API.

    After this, you can create a root folder in this user's account and add the desired users into this user account.


    You can find more details about JWT in the below mentioned articles -
