Nullpoet
Nullpoet

Reputation: 11269

Unable to use Box API Enterprise API with OAuth2 authenticated app

What I understand is Enterprise API from Box works only with server-server JWT auth and not like OAuth2 based authentication. Box integrations which haveOAuth2 based authentication support only Content API and not the Enterprise API.

Is there way to have OAuth & Ebterprise API at the same time? (I essentially want to manage users & groups any third party enterprise)

Any thoughts/pointers? Thanks in advance!

Upvotes: 0

Views: 259

Answers (1)

John Hoerr
John Hoerr

Reputation: 8035

What I understand is Enterprise API from Box works only with server-server JWT auth and not like OAuth2 based authentication.

This is not correct, though I can see how you could arrive at that understanding. You can work with the Box Enterprise API using traditional 3-Legged OAuth. In fact, for many years 3-Legged OAuth was the only way to work with the Box API.

In order for a 3-Legged OAuth access token to make Enterprise API calls:

  1. The appropriate Enterprise scopes must be selected in the app configuration.
  2. The token must have been issued for a user with enterprise admin/co-admin privileges.

The relationship between JWT auth and the Enterprise API is one of convenience. Enterprise API apps are often non-interactive server-side scripts and/or scaled out to multiple processes. In these scenarios JWT is much easier to work with than 3-Legged OAuth.

Upvotes: 2

Related Questions