Service Account - Please clarify


I have created a box connector application for one of my client who is an Enterprise user.
I have used the CCG and approved the application I have created through the Box dev console. So now I have a service account and the requirement is that they will be providing some box urls and based on which we fetch the contents for them.

Now as we use the CCG my understanding is that either we need to use the user id who has access to the said URL folders/files to authenticate so that my application can fetch the details

Or, use the enterprise id but share the said folder/files in box with the service account email so that our application can use. I currently use this method

please confirm if I’m doing it correctly or is their any other way that one account has access to all or my understandng of service account is wrong?

@ajankowski , @mwoda, @rbarbosa

Hi @MBenny ,

That sounds correct, yes.

  • Set the service account as a collaborator in a parent folder or file
  • Use a shared link in a parent folder or file
  • Impersonate the user with the CCG credentials (require the user id)
  • Use the as-user header (require the user id)

There is a 5th option called Global Content Manager (GCM), however this has some serious side effects. Take a look at the link above.