Box Service Account



On This Page

Overview

The Box connector in DryvIQ allows you to analyze, migrate, copy, and synchronize file to your Box account from cloud storage repositories and on-premise network file shares. The first step is to create the Box connection by providing the connection information required for DryvIQ to connect to the server. The connector can be created using a standard Box account or a Box Service Account. Service Accounts have additional advantages such as improved rate limits or optimizations for migrations that should be considered when defining a project. 

For more information on how to create a service account, please refer to the Box Service Accounts | How to Create page.

For more information on creating a standard Box connection, please refer to the Box connector page.

Even though simulation mode doesn’t move data, Box will identify activity on accounts during simulation mode. Therefore, your Box administrator should turn off Box security notifications when Box is the source connector on copy jobs or when Box is used in sync jobs. This prevents users from getting security notifications about activity on their accounts.


Create Connection | DryvIQ Application User-Interface

  1. Select Connections > Add connection.

  2. Select Box (Service Accounts) as the platform on the Add connection modal.

  3. Enter the connection information. Reference the table below for details about each field.

  4. Test the connection to ensure DryvIQ can connect using the information entered.

  5. Select Done.

 

Add Connection Modal - Box (Service Accounts)

 

 

Field

Notes

Required

Field

Notes

Required

Display as

Enter the display name for the connection. If you will be creating multiple connections, ensure the name readily identifies the connection. The name displays in the application, and you can use it to search for the connection and filter lists.

Required

User Type

Required

Connect as a standard user

Select this option to create a standard connection to access a user's files and folders. This is the default selection. 

 

Connect as an administrator

Select this option to create an administrator connection, This requires administrator privileges and grants access to all accounts within the organization. This option is often used along with impersonation to simplify transferring multiple user accounts. When connected as an administrator, the first level of folders will be user names.

 

 

 

 

Client ID 

This value will be provided by your administrator. It can be found in your Box Developers Console or in the boxAppSettings section of {{public key}}_config.json.

Required

Client Secret 

This value will be provided by your administrator. It can be found in your Box Developers Console or in the boxAppSettings section of {{public key}}_config.json. 

Required

Enterprise ID

Enter the Enterprise ID if the connection will list content for all users on your connection root. This field is not required when an Account ID is being used. 

The Enterprise ID cannot be used with an Account ID; the options are mutually exclusive.

Required if not using an Account ID

Account ID 

Enter the account ID (user ID) if the connection will impersonate a single account. This field is not required when an Enterprise ID is being used. 

The Account ID cannot be used with an Enterprise ID; the options are mutually exclusive.

Required if not using an Enterprise ID

Public Key ID

Enter the public key for the account. This value can be obtained from your manually generated keypair or in the boxAppSettings section of {{public key}}_config.json.

Required

Private Key

Enter the private key for the account. This value can be obtained from your manually generated keypair or in the boxAppSettings section of {{public key}}_config.json. 

When you download the {{public key}}_config.json, the private key is displayed in the privatekey element. It looks something like this: 

"privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\xYZXYZxYZXyzxyzx.....................A0b0CAB0cAbCaBcabcabCA+B\noi0=\n-----END ENCRYPTED PRIVATE KEY-----\n",

You only need to add the values between the quotation marks. In the above example, you would add the following as the private key:

-----BEGIN ENCRYPTED PRIVATE KEY-----\xYZXYZxYZXyzxyzx.....................A0b0CAB0cAbCaBcabcabCA+B\noi0=\n-----END ENCRYPTED PRIVATE KEY-----\n

Required

Password 

Enter the password for the account. This value can be obtained from your manually generated keypair or in the boxAppSettings section of {{public key}}_config.json. The password is generated by Box when created via the download keypair from your Box Developers Console.

Required

Behavior When Deleting Items

Select the type of delete DryvIQ should perform when deleting items: Permanent or Soft. Soft delete is the default delete behavior; however, Permanent is the recommended behavior. 

A soft delete marks items as a deleted. You can still access them to restore or permanently delete the items.

A permanent delete removes the items. This delete is not reversible.  

Optional

 

Features and Limitations 

Platforms all have unique features and limitations. DryvIQ’s transfer engine manages these differences between platforms and allows you to configure actions based on Job Policies and Behaviors. Utilize the Platform Comparison tool to see how your integration platforms may interact regarding features and limitations. 

Files and Folders

Below is list of Box's supported and unsupported features  as well as additional file/folder restrictions. 

Supported Features

Unsupported Features 

Other Features/Limitations

Supported Features

Unsupported Features 

Other Features/Limitations

Version preservation

Restricted types

Invalid characters: \  /  
(See Invalid Characters and Spaces below.)

Timestamp preservation

 

File size maximum: Varies
(See File Size Limits below.)

Author/Owner preservation 
(See Owner Permissions below.)

 

Path length maximum: n/a
(See Path Lengths below.)

File lock propagation

 

Segment path length: 255
(See Path Lengths below.)

Mirror lock ownership

 

No leading spaces in file name/folder names

Account map

 

No trailing spaces in folder names, file names, or file extensions
(See Invalid Characters and Spaces below.)

Group map
(See Group Maps below.)

 

No non-printable characters
Any non-printable ASCII characters will not be filtered by DryvIQ.

Permission preservation

 

Box has download limitations for the number of folders and files contained in one folder. Please consult Box documentation for further details.

User impersonation

 

Box accounts that do not have administrator-level access cannot remove group permissions on files during a job transfer.

Metadata map

 

Google document types natively created on Box can be moved and will maintain formatting. However, they will have the native Google file extensions (.gdoc, .gsheet, etc.).

Tags map

 

The maximum tag size in Box is 255 characters. You can enter more characters than the maximum, but Box will truncate it down to 255 characters.

Box Comments

DryvIQ does not support transferring Box comments from folders and files. 

Box Notes

DryvIQ offers the offers the option to convert Box Notes when migrating to other platforms. This option is turned on on the Behaviors page when creating a job by enabling the Allow Rendition toggle. 

When enabled, Box Notes will be transferred to other platforms as docx files.

When disabled, Box Notes will be transferred in JSON format.

Enabling renditions will cause your job to run slower since Box doesn't support native event detection for Box Note files and must crawl to detect changes.

Supported Box Notes Features

  • Heading 1

  • Heading 2

  • Heading 3

  • Body

  • Bold

  • Italitcs

  • Underline

  • Strikethrough

  • Font Sizes 9 thru 21

  • Text Color

  • Text Highlight

  • Alight Left, Center, Right and Justify

  • Check list

  • Bullet list

  • Numbered List

  • Uploaded image from computer

  • Image via Box link

  • Table

  • Divider Line

  • Code Block

  • Block Quote

 

Unsupported Box Notes Features

  • Preview image via link. Preview images are not supported when converting Box Notes to .docx files since there is not enough information available for DryvIQ to download the image.

  • Call Out

  • Table of Contents

  • Edits to the .docx file on the destination are not transferred to the original Box Note on the source for sync jobs.

Box Notes to SharePoint Online

When transferring Box Notes from Box to SharePoint Online without the Rendition feature enabled (transferring the Box Notes in .json format), Box Note files will transfer; however, edits to Box Notes will not be picked up, and manual intervention is required. Below is an outline of how Box Notes are handled on the initial and subsequent job runs.

 

First Job Run

  • Box Note files transfer to SharePoint Online as expected, preserving the extension.

  • The file version history transferred to the destination reflects every edit that occurred on the Box Note file in the Box source application.


Second Job Run

  • If changes are made to the Box Note file on the source in between job runs, the new version is not transferred to the destination.

Resolution

  • Perform a soft job reset and run the job again. This will re-evaluate the new edits/versions that occurred on the source Box Note file. (See Job | Reset Options for information on how to reset jobs.)

Box Enterprise Plus

Box Enterprise Plus offers a maximum file size upload limit of 32 GB. DryvIQ requests the maximum file size limit from Box; there are no artificial limits placed by DryvIQ. When creating any Box connection, DryvIQ will evaluate the user profile and retrieve the max_upload_size parameter.

Character Sanitization

DryvIQ will sanitize file names that contain combined Unicode characters by replacing the characters with an underscore (_).

Content Created by External Users

DryvIQ will transfer content created by external users that have been granted edit rights to internal folders. Owner/Author preservation for content created by external users will not be preserved as it is not supported by the platforms. DryvIQ will default to the transfer account to populate the "CreatedBy" field on the destination.

File Size Limits

The maximum file size limit for uploads to Box can be between 250 MB to 150 GB depending on your Box account. There is no maximum file size limit coded with DryvIQ. Instead, DryvIQ will evaluate the user profile and retrieve the max_upload_size parameter when the Box connection is created. DryvIQ will respect the limit provided as the maximum file size for this connection. See Box's Understand the Maximum File Size You Can Upload to Box support document for more information. 

Folder Size Limits

Box limits folder contents to 15,000 files, but recommended no more than 10,000 files to ensure performance. DryvIQ follows the 10,000 file limit per folder. If a folder has more than 10,000 items, DryvIQ will flag it with the error, “The path exceeds the maximum number of 10,000 children.” Refer to the Box Support forum for more information about Box subfolder limits.

Group Maps

When creating a group map where Box is the destination, you must provide the Box ID in order for the map to work.

Invalid Characters and Spaces

DryvIQ verifies file and folder names to identify unsupported characters based on the platform. It then replaces invalid characters with an underscore (_) so the files and folders can be transferred. 

The logic includes leading and trailing spaces in file and folder names. DryvIQ replaces the space rather than trimming it because trimming the space could cause duplicate file names. Adding the underscore ensures the name remains unique.

Owner Permissions

DryvIQ doesn’t expose owner permissions when migrating from Box. When the account running the job is the owner of the content but the user map between that account and the destination account don’t match, DryvIQ won’t grant privileges to the audit trail creator, so the owner will not be able to access the content.

Path Lengths

Box does not impose restrictions for the total path length.

Segment path lengths are limited to 255 character. Segments are delimited by a forward slash (/). For example, <max 255 characters>/<max 255 characters>.

When transferring from Box, DryvIQ will filter out links shared to specific users and log an entry in the audit log that the shared links were not preserved due to the global sharing policy.

Server Time

When installing DryvIQ, you must ensure the time on the server running DryvIQ is set to the same time as the Box platform or, preferably, a minute or two behind. The Box platform uses UNIX time; you can find the UNIX timestamp by visiting https://www.unixtimestamp.com/ . (Enter the current time of the DryvIQ server on this site to get the UNIX time of Box and the application server. (Refer to the image below.)

Your Box connection from DryvIQ will fail to make a successful connection if the DryvIQ server time is ahead of the Box platform time because the access token will be expired by the time it is returned from Box.

 

TimeStamp Converter

 


Create Connection | REST API

Box (Service Account) Connection | Scoped to Access All Users (enterprise_id)

Use the Enterprise ID to list content for all users on your connection root. Box Service Account connections require Administrator privileges to use the impersonation feature. Co-administrators do not have the required permissions to perform impersonation.

POST {{url}}v1/connections/ { "name": "Box Service Account (Access All Users)", "platform":{ "id":"box-service" }, "auth":{ "private_key":"-----BEGIN ENCRYPTED PRIVATE KEY-----\#########----END ENCRYPTED PRIVATE KEY-----\n", "password":"{{passphrase}}", "client_id":"{{clientID}}", "client_secret":"{{clientSecret}}", "public_key_id":"{{publicKeyID}}", "enterprise_id": "{{enterpriseID}}," "delete_behavior": "permanent" } }

 

Box (Service Account) Connection | Single Account Impersonation (user_id)

Use the user_id to impersonate a single account.

POST {{url}}v1/connections/ { "name": "Box Service Account (UserName)", "platform":{ "id":"box-service" }, "auth":{ "private_key":"-----BEGIN ENCRYPTED PRIVATE KEY-----\#########----END ENCRYPTED PRIVATE KEY-----\n", "password":"{{passphrase}}", "client_id":"{{clientID}}", "client_secret":"{{clientSecret}}", "public_key_id":"{{publicKeyID}}", "user_id": "{{userID}}," "delete_behavior": "permanent" } }

 

Path Example: Box Service Account Connection

The path should include impersonation. Box Service Account connections require Administrator privileges to use the impersonation feature. Co-administrators do not have the required permissions to perform impersonation.

{ "name":"Simple Job", "kind": "transfer", "transfer": { "transfer_type": "copy", "source": { "connection": { "id": "{{BoxServiceAccount_connection_sourceID}}" }, "impersonate_as": { "email": "user@company.com" }, "target": { "path": "/sourceFolder" } }, "destination": { "connection": { "id": "{{OneDriveForBusiness_connection_destinationID}}" }, "target": { "path": "/Documents/destinationFolder" } }, "simulation_mode": false }, "schedule": { "mode": "manual" }, "stop_policy": { "on_success": 5, "on_failure": 5, "on_execute": 25 }, "category": { "name": "Report {Name}" } }

 

Related











DryvIQ Migrate Version: 5.6.2.4175
Release Date: March 7, 2024