--- title: Box API Integration on Truto slug: box category: Cloud Storage canonical: "https://truto.one/integrations/detail/box/" --- # Box API Integration on Truto **Category:** Cloud Storage **Status:** Generally available ## Unified APIs ### Unified User Directory API - **Activities** — Activities are the actions performed by users in the source application. - **Users** — The User object represents a User. ### Unified File Storage API - **Drive-Items** — Drive Items are the files and folders present in a file storage system. These items are usually part of a Drive. You can differentiate between files and folders using the type attribute. - **Files** — [DEPRECATED] The file represent a file in File Storage. - **Folders** — [DEPRECATED] The folder represent a folder in File Storage. - **Groups** — Groups represent a collection of users. They could be grouped based on departments, projects, permissions, etc. - **Users** — Users represent the people using the underlying file storage system. ## How it works 1. **Link your customer's Box account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Box.** The Proxy API is a 1-to-1 mapping of the Box API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Centralize document storage without duplicating files** — SaaS companies can let their users attach and reference files directly from Box instead of uploading copies into the app. This keeps Box as the governed single source of truth while the SaaS product works with file references, metadata, and previews. - **Auto-provision folder structures for new entities** — When a user creates a project, deal, or case in your SaaS product, automatically generate a standardized folder hierarchy in their Box account and assign the right group or user-level access — no manual setup required. - **Export generated artifacts to Box automatically** — SaaS products that produce reports, invoices, contracts, or other documents can push them directly into pre-configured Box folders, ensuring enterprise retention policies and audit trails apply from the moment a file is created. - **Sync user directories for permission mapping** — By reading Box users and groups through the Unified User Directory API, SaaS companies can map their own app's roles and permissions to Box access controls, ensuring the right people see the right content. - **Surface file activity in your product's audit logs** — Pull Box activity data — like who downloaded, previewed, or modified a file — into your SaaS app's analytics or compliance dashboards, giving users a unified view of content interactions without leaving your product. ## What you can build - **In-app Box file browser and picker** — Let end users browse their Box folder hierarchy, select files, and link them to records in your app using the Unified File Storage API's Drive-Items, Files, and Folders resources. - **Automated deal room folder provisioning** — When a new deal, project, or client record is created, automatically spin up a templated Box folder structure and grant access to the relevant user groups. - **Document export pipeline to Box** — Automatically upload PDFs, reports, or signed contracts generated in your app into the correct Box folder, keeping enterprise governance intact. - **User and group directory sync** — Pull Box users and groups into your app to power permission mapping, access control UIs, or people-picker components using the Unified User Directory API. - **Content activity feed** — Display a real-time activity stream showing file views, downloads, and edits from Box directly inside your product's dashboards using the Activities resource. - **Cross-storage file migration and organization** — Move or copy files between Box folders programmatically when workflow states change in your app — for example, archiving completed project files into a long-term retention folder. ## FAQs ### What authentication method does Box use, and how does Truto handle it? Box uses OAuth 2.0 for user-level authentication. Truto manages the full OAuth flow — token exchange, refresh, and storage — so your team never has to build or maintain auth logic. Your end users simply connect their Box account through Truto's managed auth flow. ### Which Box data can I access through Truto's Unified APIs? Through the Unified File Storage API you can work with Drive-Items, Files, Folders, Groups, and Users. Through the Unified User Directory API you can access Users and Activities. These cover core file operations, folder management, user/group directory lookups, and activity tracking. ### Does Truto handle Box API rate limits and pagination automatically? Yes. Truto abstracts away Box's API-specific pagination (marker-based and offset-based) and manages rate limit backoff, so your application receives consistent, complete responses without needing to implement retry logic. ### Can I use Truto to write data back to Box, such as creating folders or uploading files? The Unified File Storage API supports write operations on Files and Folders. You can create folders, upload files, and organize content programmatically. Specific tool availability for Box is built on request — contact Truto to confirm the exact write operations you need. ### How does the Unified API approach work if I also need to integrate other cloud storage providers? Truto's Unified File Storage API uses a common schema across providers. If you build against the Unified API for Box (Files, Folders, Drive-Items, Users, Groups), the same integration code works with other supported storage platforms, reducing the effort to ship multi-provider support. ### Are there any Box-specific features that require custom handling outside the Unified API? Box features like metadata templates, Box Sign, Box Relay workflows, and UI Elements (e.g., Content Previewer) are Box-specific and not part of the Unified API schema. For these, Truto can provide proxy API access to Box's native endpoints, letting you call them through Truto's auth and connection management layer.