Create a custom app in Box

Before you create a connection to Box, you create a custom app in the Box Developer Console. You can create an app for application-level access that users can use to share files, or you can create an app for enterprise-wide access to all user accounts. With enterprise-wide access, users do not need to share files and folders with the application.

1. Go to the Box Developer Console, and follow the wizard to create a Custom App. For the Authentication Method, select OAuth 2.0 with JWT (Server Authentication).
2. Make the following selections in the Configuration page. Otherwise, keep the default settings.
   1. Select one of two choices for App Access Level:
      • Keep the default App Access Only selection to allow access where users share files.
        
      • Select App + Enterprise Access to create an app with enterprise-wide access to all user accounts.
        
   2. Under Add and Manage Public Keys, click Generate a Public/Private Keypair. This selection requires that two-factor authentication is enabled on the Box account, but you can disable it afterward. The generated key pair produces a config (*_config.json) file for you to download. You will need the information in this file to create the connection in your project.
3. If you selected an App + Enterprise Access, under Advanced Features, select both of these check boxes:
   • Make API calls using the as-user header
   • Generate user access tokens
4. Submit the app client ID to the Box enterprise administrator for authorization: Go to your application in the Box Developer Console and select the General link from the left sidebar in your application. Scroll down to the App Authorization section.

Decrypting a private key

To decrypt a private key using its associated password, Run the following command. This process uses the openssl pkcs8 command to generate an unencrypted version of the private key.

openssl pkcs8 -in private_key.pem -passin file:pass.txt -out private_key_unencrypted.pem

The parameters used are:

private_key.pem

The encrypted private key that was generated and provided to you by Box.

pass.txt

This file contains the password associated with the private key that was generated and provided to you by Box.

private_key_unencrypted.pem

This is the output file that will contain the unencrypted private key after running the command.

Choose the method for creating a connection based on where you are in the platform

In a project

Click Assets > New asset > Connect to a data source. See Adding a connection to a project.

In a catalog

Click Add to catalog > Connection. See Adding a connection asset to a catalog.

In a deployment space

Click Import assets > Data access > Connection. See Adding data assets to a deployment space.

In the Platform assets catalog

Click New connection. See Adding platform connections.

Create the Box connection

Enter the values from the downloaded config file for these settings:

• Client ID
• Client Secret
• Enterprise ID
• Private Key (Replace each \n with a newline)
• Private Key Password (The passphrase value in the config file)
• Public Key (The publicKeyID value in the config file)

Enterprise-wide app

If you configured an enterprise-wide access app, enter the username of the Box user account in the Username field.

Application-level app

Users must explicitly share their files with the app's email address in order for the app to access the files.

1. Make a REST call to the connection to find out the app email address. For example:

   PUT https://api.dataplatform.cloud.ibm.com/v2/connections/{connection_id}/actions/get_user_info?project_id={project_id}

   Request body:

   {}
   

   Returns:

   {
    "login_name": "[email protected]"
   }
   

2. Share the files and folders in Box that you want accessible from watsonx.ai Studio with the login name that was returned by the REST call.

Next step: Add data assets from the connection

• See Add data from a connection in a project.

• See Add data from a connection in a catalog.