We want to make you aware of a recent effort by certain third-party bad actors to leverage free Box developer accounts in a social engineering attack on certain Box free individual accounts. Upon discovery of this issue, Box decided to temporarily disable new sign-ups for free developer accounts while we work to implement additional technical controls to prevent similar efforts in the future. The security and integrity of our Service is of utmost priority to Box, and we must ensure that we are providing the most secure product experience to our customers.
We understand that some Enterprise customers use these free developer accounts for their own business purposes, and that they may have questions about their inability to sign-up new free accounts. Please use the following talking points when addressing these Customers’ questions or concerns:
Any free developer accounts that were in place before March 9, 2023 are unaffected by this action;
Customers may continue to use these pre-existing accounts, in particular they may continue to invite new/additional collaborators within their organization to work within those existing developer accounts;
Enterprise customers always have the ability to start a sandbox environment for non-production development purposes.
No timeline for turning the console on, but we are working through making the process more secure.
As updates become available, we will share those more broadly with account teams and any customers who have questions about this issue. In the meantime, please reach out to firstname.lastname@example.org with additional questions or concerns.
If your current developer account has both access to the administrator console and the developer console, you’re golden, keep working.
If you are working for a Box enterprise customer they can request a sandbox, which is an isolated Box environment, to proceed with your coding.
For details about the sandbox, take a look at this support note.
If you do not have access to a Box enterprise account, you can still use the free account but you will be limited to OAuth2 authentication applications. Of Course you can always generate a developer token.
For most use cases, this will be sufficient, and you’ll be able to work with most of the API endpoints, that deal with:
I have found Spencer Easton’s Service Account solution for Google Cloud on JWT authentication while building a script for downloading media items from Google Photos to Box. After 7 hours of non-stop trial and error, it worked. (God sent GPT)
Then I hit another wall.
Then I came here.
This time I learned Box had closed down new developer accounts.
I have also tried the developer token and established the connection at least. But that will be temporary.
I have been using Box for 10 years but recently I decided to develop solutions on it. I was a Box advocate for many years and promoted it to hundreds of people. So Box was calling me for Beta tests always.
I am planning to promote more Box integrations and company-wide usage for my organizations and clients. It would be great to hear your thoughts, guys. Since the issue was open for nearly 9 months, I reckon.
As I mentioned in our private conversation, the free developer accounts are going to be back soon. In fact I’m happy to report to the community that a lot of progress has been made and this issue is not at all forgotten.
I’m not even sure what stack (python, java, c#, node) you’re using. However I did create a mini python app that you can run and it collects the OAuth 2.0 tokens. You could then grab these and temporarily use them on your app, even if server side.