Box Service Account
On This Page
- 1 Overview
- 2 Features and Limitations
- 2.1 Files and Folders
- 2.2 Box Comments
- 2.3 Box Notes
- 2.4 Box Enterprise Plus
- 2.5 Character Sanitization
- 2.6 Content Created by External Users
- 2.7 File Size Limits
- 2.8 Folder Size Limits
- 2.9 Group Maps
- 2.10 Invalid Characters and Spaces
- 2.11 Link Format for Link Remediation
- 2.12 Owner Permissions
- 2.13 Path Lengths
- 2.14 Shared Links
- 2.15 Server Time
- 3 Create Connection | REST API
- 4 Related
Overview
The Box connector in DryvIQ allows you to analyze, migrate, copy, and synchronize file to your Box account from cloud storage repositories and on-premise network file shares. The first step is to create the Box connection by providing the connection information required for DryvIQ to connect to the server. The connector can be created using a standard Box account or a Box Service Account. Service Accounts have additional advantages such as improved rate limits or optimizations for migrations that should be considered when defining a project.
For more information on how to create a service account, please refer to the Box Service Accounts | How to Create page.
For more information on creating a standard Box connection, please refer to the Box connector page.
Even though simulation mode doesn’t move data, Box will identify activity on accounts during simulation mode. Therefore, your Box administrator should turn off Box security notifications when Box is the source connector on copy jobs or when Box is used in sync jobs. This prevents users from getting security notifications about activity on their accounts.
Create Connection | DryvIQ Application User-Interface
Select Connections > Add connection.
Select Box (Service Accounts) as the platform on the Add connection modal.
Enter the connection information. Reference the table below for details about each field.
Test the connection to ensure DryvIQ can connect using the information entered.
Select Done.
Add Connection Modal - Box (Service Accounts)
Field | Notes | Required |
---|---|---|
Display as | Enter the display name for the connection. If you will be creating multiple connections, ensure the name readily identifies the connection. The name displays in the application, and you can use it to search for the connection and filter lists. | Required |
User Type | Required | |
Connect as a standard user | Select this option to create a standard connection to access a user's files and folders. This is the default selection. |
|
Connect as an administrator | Select this option to create an administrator connection, This requires administrator privileges and grants access to all accounts within the organization. This option is often used along with impersonation to simplify transferring multiple user accounts. When connected as an administrator, the first level of folders will be user names. |
|
|
|
|
Client ID | This value will be provided by your administrator. It can be found in your Box Developers Console or in the boxAppSettings section of {{public key}}_config.json. | Required |
Client Secret | This value will be provided by your administrator. It can be found in your Box Developers Console or in the boxAppSettings section of {{public key}}_config.json. | Required |
Enterprise ID | Enter the Enterprise ID if the connection will list content for all users on your connection root. This field is not required when an Account ID is being used. The Enterprise ID cannot be used with an Account ID; the options are mutually exclusive. | Required if not using an Account ID |
Account ID | Enter the account ID (user ID) if the connection will impersonate a single account. This field is not required when an Enterprise ID is being used. The Account ID cannot be used with an Enterprise ID; the options are mutually exclusive. | Required if not using an Enterprise ID |
Public Key ID | Enter the public key for the account. This value can be obtained from your manually generated keypair or in the boxAppSettings section of {{public key}}_config.json. | Required |
Private Key | Enter the private key for the account. This value can be obtained from your manually generated keypair or in the boxAppSettings section of {{public key}}_config.json. When you download the {{public key}}_config.json, the private key is displayed in the privatekey element. It looks something like this: "privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\xYZXYZxYZXyzxyzx.....................A0b0CAB0cAbCaBcabcabCA+B\noi0=\n-----END ENCRYPTED PRIVATE KEY-----\n", You only need to add the values between the quotation marks. In the above example, you would add the following as the private key: -----BEGIN ENCRYPTED PRIVATE KEY-----\xYZXYZxYZXyzxyzx.....................A0b0CAB0cAbCaBcabcabCA+B\noi0=\n-----END ENCRYPTED PRIVATE KEY-----\n | Required |
Password | Enter the password for the account. This value can be obtained from your manually generated keypair or in the boxAppSettings section of {{public key}}_config.json. The password is generated by Box when created via the download keypair from your Box Developers Console. | Required |
Behavior When Deleting Items | Select the type of delete DryvIQ should perform when deleting items: Permanent or Soft. Soft delete is the default delete behavior; however, Permanent is the recommended behavior. A soft delete marks items as a deleted. You can still access them to restore or permanently delete the items. A permanent delete removes the items. This delete is not reversible. | Optional |
Features and Limitations
Platforms all have unique features and limitations. DryvIQ’s transfer engine manages these differences between platforms and allows you to configure actions based on Job Policies and Behaviors. Utilize the Platform Comparison tool to see how your integration platforms may interact regarding features and limitations.
Files and Folders
Below is list of Box's supported and unsupported features as well as additional file/folder restrictions.
Supported Features | Unsupported Features | Other Features/Limitations |
---|---|---|
Invalid characters: \ / | ||
| File size maximum: Varies | |
Author/Owner preservation |
| Path length maximum: n/a |
| Segment path length: 255 | |
| No leading spaces in file name/folder names | |
| No trailing spaces in folder names, file names, or file extensions | |
Group map |
| No non-printable characters |
| Box has download limitations for the number of folders and files contained in one folder. Please consult Box documentation for further details. | |
| Box accounts that do not have administrator-level access cannot remove group permissions on files during a job transfer. | |
| Google document types natively created on Box can be moved and will maintain formatting. However, they will have the native Google file extensions (.gdoc, .gsheet, etc.). | |
| The maximum tag size in Box is 255 characters. You can enter more characters than the maximum, but Box will truncate it down to 255 characters. |
Box Comments
DryvIQ does not support transferring Box comments from folders and files.
Box Notes
DryvIQ offers the offers the option to convert Box Notes when migrating to other platforms. This option is turned on on the Behaviors page when creating a job by enabling the Allow Rendition toggle.
When enabled, Box Notes will be transferred to other platforms as docx files.
When disabled, Box Notes will be transferred in JSON format.
Enabling renditions will cause your job to run slower since Box doesn't support native event detection for Box Note files and must crawl to detect changes.
Supported Box Notes Features
Heading 1
Heading 2
Heading 3
Body
Bold
Italitcs
Underline
Strikethrough
Font Sizes 9 thru 21
Text Color
Text Highlight
Alight Left, Center, Right and Justify
Check list
Bullet list
Numbered List
Uploaded image from computer
Image via Box link
Table
Divider Line
Code Block
Block Quote
Unsupported Box Notes Features
Preview image via link. Preview images are not supported when converting Box Notes to .docx files since there is not enough information available for DryvIQ to download the image.
Call Out
Table of Contents
Edits to the .docx file on the destination are not transferred to the original Box Note on the source for sync jobs.
Box Notes to SharePoint Online
When transferring Box Notes from Box to SharePoint Online without the Rendition feature enabled (transferring the Box Notes in .json format), Box Note files will transfer; however, edits to Box Notes will not be picked up, and manual intervention is required. Below is an outline of how Box Notes are handled on the initial and subsequent job runs.
First Job Run
Box Note files transfer to SharePoint Online as expected, preserving the extension.
The file version history transferred to the destination reflects every edit that occurred on the Box Note file in the Box source application.
Second Job Run
If changes are made to the Box Note file on the source in between job runs, the new version is not transferred to the destination.
Resolution
Perform a soft job reset and run the job again. This will re-evaluate the new edits/versions that occurred on the source Box Note file. (See Job | Reset Options for information on how to reset jobs.)
Box Enterprise Plus
Box Enterprise Plus offers a maximum file size upload limit of 32 GB. DryvIQ requests the maximum file size limit from Box; there are no artificial limits placed by DryvIQ. When creating any Box connection, DryvIQ will evaluate the user profile and retrieve the max_upload_size parameter.
Character Sanitization
DryvIQ will sanitize file names that contain combined Unicode characters by replacing the characters with an underscore (_).
Content Created by External Users
DryvIQ will transfer content created by external users that have been granted edit rights to internal folders. Owner/Author preservation for content created by external users will not be preserved as it is not supported by the platforms. DryvIQ will default to the transfer account to populate the "CreatedBy" field on the destination.
File Size Limits
The maximum file size limit for uploads to Box can be between 250 MB to 150 GB depending on your Box account. There is no maximum file size limit coded with DryvIQ. Instead, DryvIQ will evaluate the user profile and retrieve the max_upload_size parameter when the Box connection is created. DryvIQ will respect the limit provided as the maximum file size for this connection. See Box's Understand the Maximum File Size You Can Upload to Box support document for more information.
Folder Size Limits
Box limits folder contents to 15,000 files, but recommended no more than 10,000 files to ensure performance. DryvIQ follows the 10,000 file limit per folder. If a folder has more than 10,000 items, DryvIQ will flag it with the error, “The path exceeds the maximum number of 10,000 children.” Refer to the Box Support forum for more information about Box subfolder limits.
Group Maps
When creating a group map where Box is the destination, you must provide the Box ID in order for the map to work.
Invalid Characters and Spaces
DryvIQ verifies file and folder names to identify unsupported characters based on the platform. It then replaces invalid characters with an underscore (_) so the files and folders can be transferred.
The logic includes leading and trailing spaces in file and folder names. DryvIQ replaces the space rather than trimming it because trimming the space could cause duplicate file names. Adding the underscore ensures the name remains unique.
Link Format for Link Remediation
When remediating links from Box, only links in the following format are supported:
<https://<tenant>>.app.box.com/file/<platform id>
<https://<tenant>>.app.box.com/folder/<platform id>
<https://<tenant>>.app.box.com/integrations/officeonline/openOfficeOnline?fileId=<platform Id>&sharedAccessCode=
Owner Permissions
DryvIQ doesn’t expose owner permissions when migrating from Box. When the account running the job is the owner of the content but the user map between that account and the destination account don’t match, DryvIQ won’t grant privileges to the audit trail creator, so the owner will not be able to access the content.
Path Lengths
Box does not impose restrictions for the total path length.
Segment path lengths are limited to 255 character. Segments are delimited by a forward slash (/). For example, <max 255 characters>/<max 255 characters>.
Shared Links
When transferring from Box, DryvIQ will filter out links shared to specific users and log an entry in the audit log that the shared links were not preserved due to the global sharing policy.
Server Time
When installing DryvIQ, you must ensure the time on the server running DryvIQ is set to the same time as the Box platform or, preferably, a minute or two behind. The Box platform uses UNIX time; you can find the UNIX timestamp by visiting https://www.unixtimestamp.com/ . (Enter the current time of the DryvIQ server on this site to get the UNIX time of Box and the application server. (Refer to the image below.)
Your Box connection from DryvIQ will fail to make a successful connection if the DryvIQ server time is ahead of the Box platform time because the access token will be expired by the time it is returned from Box.
TimeStamp Converter
Create Connection | REST API
Box (Service Account) Connection | Scoped to Access All Users (enterprise_id)
Use the Enterprise ID to list content for all users on your connection root. Box Service Account connections require Administrator privileges to use the impersonation feature. Co-administrators do not have the required permissions to perform impersonation.
POST {{url}}v1/connections/
{
"name": "Box Service Account (Access All Users)",
"platform":{
"id":"box-service"
},
"auth":{
"private_key":"-----BEGIN ENCRYPTED PRIVATE KEY-----\#########----END ENCRYPTED PRIVATE KEY-----\n",
"password":"{{passphrase}}",
"client_id":"{{clientID}}",
"client_secret":"{{clientSecret}}",
"public_key_id":"{{publicKeyID}}",
"enterprise_id": "{{enterpriseID}},"
"delete_behavior": "permanent"
}
}
Box (Service Account) Connection | Single Account Impersonation (user_id)
Use the user_id to impersonate a single account.
POST {{url}}v1/connections/
{
"name": "Box Service Account (UserName)",
"platform":{
"id":"box-service"
},
"auth":{
"private_key":"-----BEGIN ENCRYPTED PRIVATE KEY-----\#########----END ENCRYPTED PRIVATE KEY-----\n",
"password":"{{passphrase}}",
"client_id":"{{clientID}}",
"client_secret":"{{clientSecret}}",
"public_key_id":"{{publicKeyID}}",
"user_id": "{{userID}},"
"delete_behavior": "permanent"
}
}
Path Example: Box Service Account Connection
The path should include impersonation. Box Service Account connections require Administrator privileges to use the impersonation feature. Co-administrators do not have the required permissions to perform impersonation.
{
"name":"Simple Job",
"kind": "transfer",
"transfer": {
"transfer_type": "copy",
"source": {
"connection": { "id": "{{BoxServiceAccount_connection_sourceID}}" },
"impersonate_as": { "email": "user@company.com" },
"target": {
"path": "/sourceFolder"
}
},
"destination": {
"connection": { "id": "{{OneDriveForBusiness_connection_destinationID}}" },
"target": {
"path": "/Documents/destinationFolder"
}
},
"simulation_mode": false
},
"schedule": {
"mode": "manual"
},
"stop_policy": {
"on_success": 5,
"on_failure": 5,
"on_execute": 25
},
"category": {
"name": "Report {Name}"
}
}