Direct Link with Username and Password




  • kcairns



    Is there any way to expose a download link with a standard HTTP auth?


    Looking into using this functionality to integrate with downstream vendors.

    コメントアクション Permalink
  • SalsaShark42



    1. Use a Shared Link.  When you create it, you can set it up so that anyone with the link can access the file.  Simplest approach, but obviously the least secure.


    2. Build a proxy application that sits between the users and Box that doesn't require any user authentication.  I'm doing this now for a client where they have a custom web interface for searching, viewing and downloading public documents.  After the user runs a search, they are presented with a list of Shared Links (generated by the custom application).  So their only direct interaction with Box is when they click on the Shared Link.  All other authenticated Box activities are happening on the server side using a dedicated service ID.


    3. Build a proxy application that sits between the users and Box that handles its own authentication (sort of an App User approach).  The links would be generated by this application and the application would be responsible for parsing and validating the username/password before providing the requested document.  From there, you can either use Shared Links >if< you're using App Users who are assigned to folders, or you can dynamically generate expiring embed links that will work for that user for a limited period of time (I believe the link is good for 5 minutes, with another hour allowed in the embedded viewer).

    コメントアクション Permalink