I have a Box enterprise account, and I want to create a client object that can perform various operations on behalf of enterprise users. My goal is to access and manage files and folders. To achieve this, I’ve explored two authentication methods: developer tokens and JWT authentication. Is it true that developer tokens should not be used for production? If yes then I am left with JWT Authentication.
JWT Authentication: I’ve looked into JWT authentication, which appears to be suitable for server-to-server communication. However, I’m unsure about how to set up the following JWT authentication parameters:
jwt_key_id
rsa_private_key_file_sys_path
rsa_private_key_passphrase
Additionally, I would like to know how to create a client object using JWT authentication to access enterprise users’ data and perform operations as the Service Account or individual App Users.
I’m interested in using JWT (JSON Web Token) authentication with Box to access and manage files and folders on behalf of enterprise users. However, I want to ensure that this method won’t affect the ability of Box users to log in to their Box accounts and grant access to my app when they choose to do so.
Will using JWT authentication prevent Box users from signing in to their Box accounts and granting access to my app?
How should I generate the rsa_private_key_passphrase when creating a private key for JWT authentication?"