Slide 1

Slide 1 text

Introduction to Box APIs
Jonathan LeBlanc, Director of Developer Advocacy, Box
Twitter: @jcleblanc
GitHub: https://github.com/jcleblanc

Slide 2

Slide 2 text

Box Platform Developer Workshop
What are we looking at today?
1. Common application types
2. Setting up your first application
3. Application scopes
4. Making your first API call
5. User types
6. Service accounts

Slide 3

Slide 3 text

Box Platform Common Application Types

Slide 4

Slide 4 text

Mortgage lending, insurance, banking
Multiple users handling single account
• Example: Maxwell.
• Multiple users that may be working with a single account.
• Typically heavy metadata use on files to maintain state.

Slide 5

Slide 5 text

Digital Vaults and Document Submission
Secure storage of sensitive information
• Example: LegalZoom, Robots and Pencils.
• Sensitive storage of account records, medical data, or other PII.
• Typically set up as a 1:1 interaction, where the app interacts with a single user.

Slide 6

Slide 6 text

Back Office Reporting and Monitoring
Automated reporting, sensitive information detection
• Automated account that runs on a regular interval.
• Uses the Box event stream and/or webhooks to either monitor changes to the Box account or generate reports based on activity.
• Doesn’t make requests on behalf of Box users.

Slide 7

Slide 7 text

Box Platform Setting up your first application

Slide 8

Slide 8 text

Creating your first application on Box Platform
Live Example
• Important aspects of the developer site.
• Set up your first application.
• Authorize your application through the admin console.

Slide 9

Slide 9 text

Box Platform Application Scopes

Slide 10

Slide 10 text

Application Scopes
What your application will have permission to do on behalf of the application, enterprise, and users.

Slide 11

Slide 11 text

Read / Write Files & Folders
• Upload / View / Download files and folders, and update file versions.
• Create / Read / Update / Delete collaborations, tags, tasks, comments, @mentions, task assignments, notifications, and collections.
• View enterprise profile information.

Slide 12

Slide 12 text

Manage Users
• Create / Read / Update / Delete / Activate / Disable Users (app and managed).
• Change primary login, reset password, change role for managed users and enterprise content.

Slide 13

Slide 13 text

Manage Groups
• Create / Read / Update / Delete groups and group memberships for users.

Slide 14

Slide 14 text

Manage Webhooks
• App can programmatically control webhooks (referred to as webhooks v2).
• Create / Read / Update / Delete new or existing webhooks on files and folders.

Slide 15

Slide 15 text

Manage Enterprise Properties
• Read / Update enterprise attributes and reports.
• Edit / Delete device pinners (what devices can use native Box applications).

Slide 16

Slide 16 text

Manage Retention Policies
• Create / Read / Update data retention policies.
• Feature is tied to Box Governance service package.

Slide 17

Slide 17 text

Enable Integrations
• Enables the usage of Box Elements.

Slide 18

Slide 18 text

Box Platform Making your first API call

Slide 19

Slide 19 text

Auth Requests with the Box SDKs
Live Example
• Authenticating and authorizing a JWT / OAuth 2 app with the Box SDKs.

Slide 20

Slide 20 text

Box Platform User Types

Slide 21

Slide 21 text

Types of Users Defined within Box
• Managed User: A regular Box user that is part of the same enterprise as the app. This user account can be accessed by the API or by logging in to box.com.
• Service Account / App User: Programmatic accounts representing the app or a user. These accounts can only be accessed through API calls.
• External User: Same as a managed user, but is not part of the same enterprise as the app. These are users that have been collaborated into content by a user in the enterprise.

Slide 22

Slide 22 text

Creating new app and managed users
Live Example
• Use the SDK to generate a new application user.
• Use the SDK to generate a new managed user.

Slide 23

Slide 23 text

Box Platform Service Accounts

Slide 24

Slide 24 text

What is a Service Account

Slide 25

Slide 25 text

Service Account Details
• A user account that represents your application in an enterprise.
• Can only be accessed programmatically.
• Has its own file storage.
• Generated automatically with a new JWT application.
Access Rights
• By default, a service account only has access to its own data store.
• Access to app users / managed users has to be explicitly enabled and requested.

Slide 26

Slide 26 text

Service Account Architecture

Slide 27

Slide 27 text

Where to Store User and Application Data
• Service Account: Maintain all user and application data within the service account. Users will be collaborated in on content.
• User Account: User-specific data is maintained in the individual user account. All data access requests are made on behalf of the user.

Slide 28

Slide 28 text

Storing Data in the Service Account (Overview)
Benefits
• Improved data security due to tight controls over data location and sharing.
• Data retention and migration improves following customer deletion, as the user collaboration is simply removed.
Concerns
• Architecture complexity increases as a separate user folder structure needs to be maintained in the service account.
• Single point of failure.

Slide 29

Slide 29 text

Storing Data in the User Account (Overview)
Benefits
• Data is retained and owned by each user.
• Simple repeatable architecture on each user account.
Concerns
• Data retention after customer deletion requires data migration or loss.
• App has no control over data integrity.

Slide 30

Slide 30 text

Users and Permissions

Slide 31

Slide 31 text

User Access Levels for a Service Account
• No User Access: Service account can only access its own content.
• App Users: Service account can access its own content and content for any app users it creates.
• All Users: Service account can access its own content, app user content, as well as content of any users in the enterprise.

Slide 32

Slide 32 text

Application Access
• Application: Only access data and users within the JWT app.
• Enterprise: Access data and users within the app as well as the entire enterprise that the app is a part of.

Slide 33

Slide 33 text

Advanced Features
• Perform actions as users: Use an As-User header with each request to act on behalf of a user. Access token passed is for service account.
• Generate user access tokens: Create an access token scoped to a user account and use that token for each request.

Slide 34

Slide 34 text

Setting User Access for the Service Account
Settings to use to get the desired level of user access for a service account

| User Access | Application Access | Advanced Features |
| --- | --- | --- |
| No User Access | Application | None set |
| App Users Only | Application | One or both set |
| App and Managed Users | Enterprise | One or both set |
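
The settings table and the two advanced features above, expressed as a least-privilege check; this is an added example, not code from the slides or from Box. The setting keys, level names and function names are hypothetical, and the header functions only build request headers without calling the API.

```python
# Added example; function and key names are hypothetical, not Box SDK APIs.
# Least to most privileged, following the settings table above.
LEVELS = ["no_user_access", "app_users_only", "app_and_managed_users"]


def granted_level(settings):
    """User access level that a JWT app's settings yield, per the table."""
    advanced = settings["as_user"] or settings["user_tokens"]
    if settings["app_access"] == "application":
        return LEVELS[1] if advanced else LEVELS[0]
    if settings["app_access"] == "enterprise" and advanced:
        return LEVELS[2]
    raise ValueError("settings combination is not covered by the table")


def audit(settings, needed_level):
    """Compare granted access with what the app needs; return findings."""
    granted = granted_level(settings)
    gap = LEVELS.index(granted) - LEVELS.index(needed_level)
    if gap > 0:
        return [f"over-privileged: grants {granted}, needs {needed_level}"]
    if gap < 0:
        return [f"under-privileged: grants {granted}, needs {needed_level}"]
    return []


def headers_as_user(service_token, user_id, settings):
    """Service account token plus an As-User header naming the target user."""
    if not settings["as_user"]:
        raise PermissionError("'Perform actions as users' is not enabled")
    return {"Authorization": f"Bearer {service_token}", "As-User": user_id}


def headers_user_token(user_token, settings):
    """Token scoped to one user account; no As-User header is needed."""
    if not settings["user_tokens"]:
        raise PermissionError("'Generate user access tokens' is not enabled")
    return {"Authorization": f"Bearer {user_token}"}


# Constructed sample settings for an app that only needs its own app users.
SAMPLE = {"app_access": "enterprise", "as_user": True, "user_tokens": False}

if __name__ == "__main__":
    print(audit(SAMPLE, "app_users_only"))
    print(headers_as_user("SERVICE_ACCOUNT_TOKEN", "USER_ID", SAMPLE))
```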

Slide 35

Slide 35 text

Working with Service Accounts
Live Example
• Switch between user accounts and service accounts.
• Upload files with a user account & service account.

Slide 36

Slide 36 text

Introduction to Box APIs
https://speakerdeck.com/jcleblanc/introduction-to-box-apis
Jonathan LeBlanc, Director of Developer Advocacy, Box
Twitter: @jcleblanc
GitHub: https://github.com/jcleblanc