Box: nodejs SDK authentication

Having spent some time building content functionality with Box’s comprehensive API, I found I needed to graduate from using a Developer Token, which expires after 60 minutes, to a form of persistent authentication to put my work into production.

This took me a little bit of time and some assistance from Box Support to achieve, so I thought I would share my solution with others that might be having similar experiences. My example application is written in JavaScript making use of nodejs and expressjs.

Prerequisites: a Box account; some nodejs knowledge.

Firstly you need to create a Box app: instructions can be found here. When you have created your Box app, ensure that you have Application access set to Enterprise, as illustrated below.


This will allow you to impersonate a managed user, which is key to using the API. Once you have your app created you need to click Authorize New App in your Box account’s Admin Console | Business Settings | Apps menu. It is also worth noting that every time you modify your Box App in the Dev Console you should authorise your app again.



Now you have your Box app configured and authorised, you can start building an application and making use of Box’s API. One use case I am working towards is the ability to automatically create a predefined folder structure when new cases are created in third party line of business systems.

My application code is outlined below and can be found on GitHub. For more information on the Box nodejs SDK visit this link. I hope this is of some use.

var express = require('express');
var bodyParser = require('body-parser');
var Box = require('box-node-sdk');
var app = express();
var port = process.env.PORT || 3000;

app.use(bodyParser.urlencoded({ extended: true }));

// Box app secrets stored as environment variables.
var boxClientID = process.env.boxClientID;
var boxClientSecret = process.env.boxClientSecret;
var privateKey = process.env.boxPrivateKey;
var publicKeyId = process.env.boxKeyID;
var publicKeyPassphrase = process.env.boxKeyPassphrase;
var boxEnterpriseId = process.env.boxEnterpriseId;
var boxUser = process.env.boxUser;

// Set the sdk up -
var sdk = new Box({
  clientID: boxClientID,
  clientSecret: boxClientSecret,
  appAuth: {
    keyID: publicKeyId,
    privateKey: privateKey,
    passphrase: publicKeyPassphrase
  }
});

// Create a client.
var client = sdk.getAppAuthClient('enterprise', boxEnterpriseId);
// Set the managed user to impersonate -
// asUser() is the box-node-sdk impersonation call; boxUser is the managed user's ID.
client.asUser(boxUser);

// Create an index route for the express application.
app.use('/', function (req, res) {
  // Execute a Box API call when the index route is requested.
  client.users.get(client.CURRENT_USER_ID, null, function (err, userResponse) {
    if (err) {
      // Log the detail server-side; send the caller only a generic error.
      console.error(err);
      res.status(500).send('Box API request failed');
    } else {
      res.send(userResponse); // This returns the raw JSON from Box's API.
    }
  });
});

app.listen(port, function (err) {
  if (err) console.log(err);
  console.log('Server is running on port ' + port);
});
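
One way to check the environment-supplied Box settings before the SDK is constructed, as an added example that is not part of the original post or of the Box SDK. `loadBoxConfig` is a hypothetical helper, the variable names are the ones the post's code reads, and it assumes the private key is a passphrase-encrypted PEM.

```javascript
// Added example: validate the Box JWT settings read from the environment.
// loadBoxConfig and its error messages are hypothetical, not Box SDK code.
const crypto = require('crypto');

const REQUIRED = ['boxClientID', 'boxClientSecret', 'boxPrivateKey',
                  'boxKeyID', 'boxKeyPassphrase', 'boxEnterpriseId', 'boxUser'];

function loadBoxConfig(env) {
  // Report every missing variable by name, never by value.
  const missing = REQUIRED.filter(function (name) { return !env[name]; });
  if (missing.length > 0) {
    throw new Error('Missing Box settings: ' + missing.join(', '));
  }

  // A PEM stored as a single-line value carries literal "\n" sequences;
  // restore real line breaks before the key is parsed.
  const privateKey = env.boxPrivateKey.replace(/\\n/g, '\n');

  // Prove the passphrase decrypts the key at startup rather than on the
  // first API call. The thrown message deliberately omits key material.
  try {
    crypto.createPrivateKey({ key: privateKey, passphrase: env.boxKeyPassphrase });
  } catch (e) {
    throw new Error('boxPrivateKey could not be decrypted with boxKeyPassphrase');
  }

  // sdkOptions has the shape the post passes to `new Box(...)`.
  return {
    sdkOptions: {
      clientID: env.boxClientID,
      clientSecret: env.boxClientSecret,
      appAuth: {
        keyID: env.boxKeyID,
        privateKey: privateKey,
        passphrase: env.boxKeyPassphrase
      }
    },
    enterpriseId: env.boxEnterpriseId,
    user: env.boxUser
  };
}
```

Calling `loadBoxConfig(process.env)` at the top of the application makes a misconfigured deployment fail at startup with the names of the offending variables, without writing any secret to the log.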

Legacy Planning Search Tool

This project involved bringing together historic content and modern technology to create a new service to search for Planning history within the Borough of Surrey Heath. This is my first foray into the world of pure JavaScript development and one of the most enjoyable projects to date I have worked on.

The aim of this application is to remove the requirement for anyone who wishes to search historic Planning documents to visit Surrey Heath’s offices to view this content. To date the application allows customers to search via a map interface and a street search interface. History Record cards that detail the Planning case numbers at different locations can be retrieved from Surrey Heath’s content storage platform. The road map for the application is for customers to be able to request individual Planning case files, which have until recently been accessible only via microfiche or a single PC terminal in Surrey Heath’s reception area.

The application makes use of the following technology:

  • Cloud 9 cloud based development environment
  • nodejs as a JavaScript runtime framework
  • expressjs lightweight web framework
  • Twitter’s typeahead for search auto-complete
  • Leafletjs interactive mapping tools with Marker Clusters for efficient map visualisation
  • Twitter’s Bootstrap responsive front end to accommodate all types of browsing devices
  • Slack for real time monitoring and notifications
  • GitHub for version control
  • Docker to containerize the application removing the requirement to build and maintain a web hosting environment
  • Codefresh for continuous delivery
  • Sloppy IO to host the application that can be embedded into Surrey Heath’s website

Interactions with preexisting tools such as an Address Search API, a History Record Card API, FME Cloud and mean that this application stores no data and acts as a public interface into some of Surrey Heath’s digital services.


.Net vs JavaScript – nodejs

Conversations and requirements at work recently changed somewhat, shifting towards a web service and cloud transformation slant. These changes have been brought about by an increased requirement to create an agile working environment for staff, save money and drive a change in business process within my organisation. This allowed me the opportunity to suggest something I had been interested in doing for a while: learn more about nodejs.

After thoughtful consideration by colleagues it was deemed a good direction to be heading. So I started writing new applications and services in pure JavaScript as opposed to using .Net.

I found great resources on nodeschool to get me started as I wasn’t that familiar with JavaScript. I’ve also subscribed to Pluralsight to really focus on in-depth subject matter from some really great teachers.

To answer the question, "Why move from .Net if you’re already familiar and experienced with it?": I was finding issues with maintaining a development environment and, being the only developer in my organisation, my time is becoming more and more precious. By using nodejs I have shifted almost my entire development workflow to the cloud. Working with JSON and REST feels easier in nodejs. I use Cloud 9 IDE, which is fast and cloud based, GitHub for code management and Sloppy IO for deployment of Docker containers. The result is I don’t waste time keeping my development environment running and the machine I use has become irrelevant. I work on the same code files from Windows, Mac or Linux and the services that I deploy are very lightweight.

Most importantly I’ve enjoyed the process of migrating to a new environment and I have become more productive as a result.