Reputation: 43
How can I keep my Box auth persistently valid?
I have an application that enables users to upload files to MY Box account.
How can I keep my backend service persistently logged in (or have login be fully automated) so I can always upload files?
Upvotes: 0
Views: 126
Answers (1)
Reputation: 2599
There are really 2 possibilities.
1) Don't use your account for other peoples content. If they own those cat pictures, then you really should have those users either give you their email addresses and use Box's "Provision" grant, that gives you a folder-token to access an application folder in that users account. Or have your users sign-in with real OAuth2. It is getting easier to work with OAuth2, especially with it cooked into the SDKs
2) If you are really doing a server-to-server integration, and you own all the content that users send into your application, then you should logon once as yourself, and store the AT/RT in a secure keystore. After that, as long as your server connects to Box at least once every 60 days, your tokens will never die. Access Tokens live for an hour, but Refresh Tokens live for 60 days or until used. Again, the SDKS take care of the token refreshes for you, so you really don't have to worry about this unless you are calling the raw Box REST APIs.
Upvotes: 1
Related Questions
- Use box api oauth without making the user enter credentials
- BOX API - Choosing Authentication
- How to authenticate to box-api without oauth redirecting
- How to auto-authenticate with box.com java sdk
- Login with Box account
- box.com api OAuth authentication
- Is there a way to get a permanent access token on BOX API v2
- Box API Automatic Login for Authentication
- Force Box.com access token to expire
- How to Auto Login using BOX API ?