Box Developer Documentation

App Token Auth

App Token Auth

Server-side authentication using App Tokens is an alternative way to authenticate to the Box API with fixed, long-lived Access Tokens that are restricted to the application's Service Account. App Token Auth is intended to be used by applications leveraging Box View.

App Token Restrictions

A server-side App Token is an authentication method where the application only has access to read and write data to its own account. By using this authentication method there is no need to authorize a user as the application is automatically authenticated as the Service Account that belongs to that application.

When to use App Tokens

Server-side authentication with App Tokens is the ideal authentication method for apps that:

  • Want to leverage Box's preview services via Box View
  • Work in an environment that either has no user model, or has users that don't have Box accounts
  • Want to use their own identity system
  • Don't want users to have to know that they are using Box
  • Want to store data in the application's Service Account and not a user's account