This is version 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

Box REST API based integration: Documentation Link

---

⚠️ Proxy Configuration: If your server accesses the internet through a proxy, make sure to whitelist the following domains for DropBox Authentication and storage access: api.box.com

---

⚠️ Restriction:
- REST API does not support resume on upload
- No mdtm (File modification time) changes.
- The REST API does not support streaming during upload. For large file uploads (files larger than 25 MB), CrushFTP temporarily stores the file in the following location: CrushFTP Install Folder/box/<<box username>>

---

Create a new Custom App at Box Developer Console (Box Console Link). Select Custom App as the app type to begin configuring your integration with Box services.


CrushFTP uses the JWT Authentication (More info: Box JWT Link) method provided by Box, not standard OAuth 2.0. When configuring your Box application, make sure to select JWT-based authentication as the authorization method.



In the Custom App’s configuration, select App + Enterprise Access as the authentication method to enable full access for server-side integrations within your Box enterprise environment.



Under Application Scopes, enable the following permissions by checking the boxes:
✅ Write all files and folders stored in Box
✅ Manage users
These scopes are required to allow CrushFTP to upload data and interact with Box user accounts on your behalf.



In the Advanced Features section, check the box:
✅ Make API calls using the as-user header
This allows the application to act on behalf of Box users within your enterprise using the as-user header.



Generate the RSA keypair for JWT authentication by navigating to:
Configuration -> Add and Manage Public Keys, then click Generate a Public/Private Keypair. It will generate the keypair and display the private key only once — ⚠️ be sure to download and securely store it for later use in your CrushFTP Box JWT configuration.



Save your Custom App changes: After configuring your Custom App, make sure to save all changes.
⚠️ Go to the Authorization tab and click Review and Submitto request Box Admin approval. This step is required to activate the app and grant it access to your enterprise data.
⚠️ Important: Any future changes made to the Custom App configuration will require re-authorization. The Box Admin must re-authorize the application after each change to ensure continued functionality.

Dwonload JSON file from Configuration -> App Settings
The JSON file should contains:

{
  "boxAppSettings": {
    "clientID": "ogXXXXXXXXXXXXXXXX",
    "clientSecret": "laAXXXXXXXXXXXX",
    "appAuth": {
      "publicKeyID": "cgXXXXXXXXX",
      "privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\nXXXXXXXXXXXXXXXXXXXXXnblc=\n-----END ENCRYPTED PRIVATE KEY-----\n",
      "passphrase": "aXXXXXXXXXXXXXXXXXXXXe"
    }
  },
  "enterpriseID": "2XXXXXXXXX5"
}

Box Remote VFS Settings:

Select the Box remote item type.

1. If flag "Store JWT JSON file" is checked.

User name : - box login user name
JWT config: - Copy the entire JWT config JSON file content to the input field.



2. "Store JWT JSON file" is unchecked:

User name : - box login user name
Password: - "clientSecret" from the JSON config file
Client Id: - "clientID" from the JSON config file
Enterprise Id: - "enterpriseID" from the JSON config file
Public Key Id: - "publicKeyID" from the JSON config file
Private Key: - "privateKey" from the JSON config file
Private Key password phrase: - "passphrase" from the JSON config file