Box
Forward SAP documents to Box enterprise folders. Supports JWT, Client Credentials Grant, and OAuth authentication with automatic versioning and compliance features.
Use Cases
- Enterprise content management for SAP documents
- Regulated industry document storage
- Compliance and audit-ready archival
Forward SAP documents to Box. FileRelay supports three authentication methods — Client Credentials Grant (CCG), JWT, and OAuth 2.0 — making it suitable for enterprise environments with strict security and compliance requirements. Name conflicts are handled with automatic versioning.
Setup
Option 1: Client Credentials Grant (Recommended)
- Go to the Box Developer Console and click Create New App
- Select Custom App and choose Server Authentication (Client Credentials Grant) as the authentication method
- Under Configuration, copy the Client ID and Client Secret
- Set the App Access Level to App + Enterprise Access if you need to write to folders owned by managed users
- Under Application Scopes, enable Write all files and folders stored in Box
- Have a Box Admin authorize the app in Admin Console > Apps > Custom Apps Manager > Add App using the Client ID
- In FileRelay, add a Box destination with
auth_typeset toccgand provide the Client ID and Client Secret
Option 2: JWT Authentication
- Create a Custom App in the Box Developer Console with Server Authentication (with JWT)
- Under Configuration, generate a Public/Private Keypair and download the JSON config file
- Enable the required application scopes (Write all files and folders)
- Submit the app for admin authorization in the Box Admin Console
- In FileRelay, add a Box destination with
auth_typeset tojwtand provide the Client ID, Client Secret, and JWT configuration details
Option 3: OAuth 2.0
- Create a Custom App with User Authentication (OAuth 2.0)
- Configure a redirect URI and complete the standard OAuth authorization code flow to obtain a refresh token
- In FileRelay, add a Box destination with
auth_typeset tooauthand include the Client ID, Client Secret, and refresh token
REPLACE: Screenshot of the Box connector configuration form in FileRelay
How It Works
FileRelay authenticates with Box using the selected method, resolves the target folder by ID, and uploads documents via the Box Content API. If a file with the same name already exists in the folder, Box creates a new version rather than a duplicate — preserving the version history.
For files larger than 50MB, FileRelay uses chunked upload sessions for reliable delivery.
Folder Structure
Documents are uploaded to:
{folder_id}/{subfolder}/{doc_id}.{ext}
- folder_id — the configured Box folder (default
0for root) - subfolder — automatic subfolder based on routing rules; created if it does not exist
- doc_id — the SAP document ID
- ext — file extension based on MIME type
The folder_id is the numeric ID visible in the Box web URL:
https://app.box.com/folder/123456789
└── folder_id
Use 0 to target the root folder of the service account (CCG/JWT) or authenticated user (OAuth).
Authentication Comparison
| Method | Best For | User Context | Token Management |
|---|---|---|---|
| CCG | Server-to-server, enterprise | Service account or managed user | Fully automatic |
| JWT | Server-to-server, highest security | Service account | Fully automatic |
| OAuth | User-specific access | Authenticated user | Requires refresh token |
CCG is recommended for most FileRelay deployments because it requires the least setup, tokens are managed automatically, and no key files need to be stored.
Box Application Scopes
Configure these scopes in the Box Developer Console under your app's Configuration tab:
| Scope | Purpose |
|---|---|
| Write all files and folders stored in Box | Upload files and create folders |
| Manage users | Only needed for CCG/JWT when acting as a specific managed user |
Tips
- Folder ID "0" — Setting
folder_idto0(or leaving it empty) targets the root folder of the service account or authenticated user. For CCG/JWT, this is the service account's own folder, not any particular user's root. - Acting as a user — With CCG or JWT, you can act as a specific managed user by configuring the
as-userheader. This places files in that user's folder tree. The app must have "Manage users" scope enabled. - Versioning — Box automatically versions files with the same name. If you upload
invoice.pdftwice to the same folder, Box keeps both versions accessible. This is useful for SAP documents that may be re-processed. - Compliance features — Box supports retention policies, legal holds, classification labels, and full audit trails. These governance features work transparently with documents uploaded by FileRelay.
- Metadata templates — Box allows custom metadata on files. If your workflow requires metadata tagging, you can configure metadata templates in the Box Admin Console.
- Watermarking — Box can apply watermarks to sensitive documents. Enable watermarking on the target folder if SAP documents require visual access control.
- Admin authorization — Both CCG and JWT apps must be authorized by a Box Admin before they can access enterprise content. If the app is not authorized, uploads will fail with a 403 error.
Configuration Fields
| Field | Type | Required | Description |
|---|---|---|---|
| folder_id | string | Optional | Box folder ID (default: 0 for root folder) |
Credentials
| Field | Type | Required | Description |
|---|---|---|---|
| auth_type | string | Required | Authentication type: ccg, jwt, or oauth |
| client_id | string | Required | Box Application Client ID |
| client_secret | string | Required | Box Application Client Secret |
All credentials are encrypted at rest using envelope encryption.
Ready to set up Box?
Create a free account and add this connector in under 2 minutes.