JWT with SDKs

JWT with SDKs

The official Box SDKs have built-in support for JWT authentication.

This guide will take you through user authentication using JWT with the use of the Box SDKs. JWT authentication is designed for working directly with the Box API without requiring a user to redirect through Box to authorize your application.


To complete a JWT authorization the following steps need to be completed.

  1. Read the configuration file
  2. Initialize an SDK client

At the end of this flow, the application has a Box SDK client that can be used to make API calls on behalf of the application.

The default method of authentication through JWT is inherently tied to the Service Account for the application. Any API call made with this token will seem to come from this application and will not have access to files and folders from other users without explicitly getting access them.


Before we can get started, you will need to have completed the following steps.

  • Create a Box Application within the developer console
  • Create and download the private key configuration file for your application and save it as config.json
  • Ensure your Box Application is approved for usage within your enterprise

1. Read JSON configuration

After creating a Box Application there should be a config.json file containing the application's private key and other details. The following is an example.

  "boxAppSettings": {
    "clientID": "abc...123",
    "clientSecret": "def...234",
    "appAuth": {
      "publicKeyID": "abcd1234",
      "privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\n....\n-----END ENCRYPTED PRIVATE KEY-----\n",
      "passphrase": "ghi...345"
  "enterpriseID": "1234567"

To use this object in the application it needs to be read from file.

var reader = new StreamReader("path/to/config.json");
var json = reader.ReadToEnd();
var config = BoxConfig.CreateFromJsonString(json);
Reader reader = new FileReader("path/to/config.json");
BoxConfig config = BoxConfig.readFrom(reader);
from boxsdk import JWTAuth

config = JWTAuth.from_settings_file('path/to/config.json')
var config = require("path/to/config.json");

Parsing JSON

In some programming languages there is more than one way to read and parse JSON from a file. Refer to guides on your preferred programming language for more complete guides, including error handling.

2. Initialize SDK client

The next step is to configure the Box SDK with the configuration and then initialize the client to connect as the application.

var sdk = new BoxJWTAuth(config);
var token = sdk.AdminToken();
BoxClient client = sdk.AdminClient(token);
BoxDeveloperEditionAPIConnection api = BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection(config);
client = Client(config)
var sdk = BoxSDK.getPreconfiguredInstance(config);
var client = sdk.getAppAuthClient("enterprise");

Service Accounts

At this point the application is authenticated as an application user, not as a managed or app user. Head over to our guide on User Types to learn more about the different types of users.


By now the application should be able to authorize an application using JWT with any of our official SDKs, by using the following steps.

  1. Read the configuration file
  2. Initialize an SDK client

To learn how to use this client head over to the guide on Making API calls.

Using SDKs and JSON Web Tokens

To learn more about JWT for each SDK head over to: