Client Credentials Grant

Kourtney Meiss
Nov 19, 2020 · 2 min read

We are excited to announce a new server authentication method: Client Credentials Grant. Prior to today, we required a public/private key pair and assertion to verify an application’s identity and retrieve an Access Token. Now, with this open standard, you can request a token using only your client ID and client secret!

This authentication method is only available to new applications using the Custom Application app type and will not impact any existing applications. In addition, once you select an authentication method, you cannot switch to another without creating a brand new application. To give Box Admins more visibility and control over what applications they approve, we will include the selected authentication method in the Enterprise Authorization request.

As with generating a key pair via the Box Developer Console, we will now require your Box account to have 2FA enabled in order to view or copy your application’s client secret. As always, your client secret is confidential and should be protected. You can easily reset it at any time with the click of a button.

The Client Credentials Grant type is best used when creating machine-to-machine integrations where no end-user authentication is required. It’s the fastest and easiest way to prototype or script against your Box enterprise. In most cases, this grant type is used so that the server can act on behalf of the Box application. All applications leveraging the Client Credentials Grant type have an associated Service Account, which is an admin-like user that represents the application. For this reason, these applications require explicit authorization by a Box admin before use. Once approved, your application will make requests as the Service Account user by default.

To learn more about the Client Credentials Grant type, please visit our guide on JWT authentication without an SDK.

Box Developer Blog

News and stories for working with the Box APIs
