Welcome to the new Box Support website. Check out all the details here on what’s changed.

Box Status

Zip Download

Follow
New post
Minyue

When using zip download to download many small files, the download speed is extremely slow (~500B/s), but it is much faster when downloading them one by one, or downloading fewer but larger files, using both the UI and API. Is this the expected behaviour? Also, does the download speed differ across account types (e.g. do Enterprise users have higher download speeds than Business accounts)?

Last thing, does the zip download endpoint only allow user Access Tokens to be used to create a zip download, or can enterprise Access Tokens be used as well? I didn't get my enterprise-level Access Tokens to work, but using user Access Tokens did.

0

Comments

4 comments

Date Votes
  • Alex Novotny

    Hello, 

    The slower speed for many small files occurs due to the number of permissions checks that happen on the back end. 

    The download speed does not vary due to account or license type. 

    In terms of token... the token you are using will be based off a user or service account's collaborations - so if the token you created is from a user that doesn't have access to content you are looking for, it won't work. 

    Thanks, 

    Alex, Box Developer Advocate

    0
    Comment actions Permalink
  • Minyue

    Hi Alex, thanks for answering my question about the download speed of zip archives and number of files. I would like to ask as a followup, does Box have mirrors, and would downloading from different regions affect the download speeds (for both single file downloads and zip archive downloads)?

    With regards to the token, I tried using the service account's Access Token and the correct "As-User" header to create a zip download, which should theoretically work, but I got an error 401 instead. Is this supposed to be this way? Thanks!

    0
    Comment actions Permalink
  • Alex Novotny

    Download from different regions should not change the speed drastically. 

    hmmmmm - it sounds like you might be doing something incorrect. Can I see the code you are running? Also... what is the client id of the application? 

    0
    Comment actions Permalink
  • Minyue

    Thanks for your answer about download speeds.

    My code is modified from the Python sample code found at https://github.com/box-community/samples-docs-authenticate-with-jwt-api/blob/master/sample.3.py. The full code is as below:

    import json
    import os
    import time
    import secrets
    import json
    import requests

    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives.serialization import load_pem_private_key
    import jwt

    config = json.load(open('config.json'))

    appAuth = config["boxAppSettings"]["appAuth"]
    privateKey = appAuth["privateKey"]
    passphrase = appAuth["passphrase"]

    # To decrypt the private key we use the cryptography library
    # (https://cryptography.io/en/latest/)
    key = load_pem_private_key(
      data=privateKey.encode('utf8'),
      password=passphrase.encode('utf8'),
      backend=default_backend(),
    )

    # We will need the authentication_url  again later,
    # so it is handy to define here
    authentication_url = 'https://api.box.com/oauth2/token'

    claims = {
      'iss': config['boxAppSettings']['clientID'],
      'sub': config['enterpriseID'],
      'box_sub_type': 'enterprise',
      'aud': authentication_url,
      # This is an identifier that helps protect against
      # replay attacks
      'jti': secrets.token_hex(64),
      # We give the assertion a lifetime of 45 seconds 
      # before it expires
      'exp': round(time.time()) + 45
    }

    keyId = config['boxAppSettings']['appAuth']['publicKeyID']

    # Rather than constructing the JWT assertion manually, we are 
    # using the pyjwt library.
    assertion = jwt.encode(
      claims, 
      key, 
      # The API support "RS256", "RS384", and "RS512" encryption
      algorithm='RS512',
      headers={
        'kid': keyId
      }
    )

    params = {
      # This specifies that we are using a JWT assertion
      # to authenticate
      'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
      # Our JWT assertion
      'assertion': assertion,
      # The OAuth 2 client ID and secret
      'client_id': config['boxAppSettings']['clientID'],
      'client_secret': config['boxAppSettings']['clientSecret']
    }

    # Make the request, parse the JSON,
    # and extract the access token
    response = requests.post(authentication_url, params)
    access_token = response.json()['access_token']

    user_id = some_number
    headers = { 'Authorization': "Bearer %s" % access_token, 'As-User': user_id}
    body = {"download_file_name": "Test", "items": [{"id": some_file, "type": "file"}]}
    response = requests.post('https://api.box.com/2.0/zip_downloads', headers=headers, json=body)
    print(response)


    I get a status 401 with no body in the response. However, changing the "sub" in the claim to the user ID and "box_sub_type" to "user" and using that Access Token successfully creates the zip archive and I can download it. The client ID of the application is zak1rwbgjvxdbpi2uof9emlp046rkz97. Thanks!

    0
    Comment actions Permalink

Post is closed for comments.