Skip to main content
First time creating a connector? Read this first.

Requirements

You will need:
  1. Access to the Developer Console from your Box enterprise account or Box developer account.
  2. A Box Custom App in your Box account, set up to use Server Authentication (with JWT). See Setup with JWT.
  3. The appropriate application scopes and advanced features set up for the Box Custom App, as follows:
    • In the Box Custom App, on the Configuration tab, under Application Scopes, check the box titled Write all files and folders stored in Box.
    • In the Box Custom App, on the Configuration tab, under Advanced Features, check the box titled Make API calls using the as-user header.
    • Click Save Changes before continuing.
  4. Authorization by a Box Admin in your Box account for the Box Custom App. See App Authorization.
  5. Access by your Box account’s source or target folder to your Box Custom App, as follows:
    • In the Box Custom App, on the General Settings tab, copy the Service Account ID (which takes the form AutomationUser_<your-app-service-id>_<a-random-string@boxdevedition.com).
    • Share your Box account’s target folder with the copied service account’s email address as a Co-owner or Editor.
    • Note the remote URL to the target folder, which takes the format box://<path/to/folder/in/account>.
  6. The private key configuration JSON file for the Box Custom App, or a string that contains this file’s contents.
    • To download this file, in the Box Custom App, on the Configuration tab, under Add and Manage Public Keys, click Generate a Public/Private Keypair. Store the downloaded private key configuration JSON file in a secure location.
    • To ensure maximum compatibility across Unstructured service offerings, you should give the private key configuration JSON file information to Unstructured as a single-line string that contains the contents of the downloaded private key configuration JSON file (and not the file itself). To print this single-line string, suitable for copying, you can run one of the following commands from your Terminal or Command Prompt. In this command, replace <path-to-downloaded-key-file> with the path to the private key configuration JSON file that you downloaded by following the preceding instructions.
      • For macOS or Linux: 
        tr -d '\n' < <path-to-downloaded-key-file>
      • For Windows: 
        (Get-Content -Path "<path-to-downloaded-key-file>" -Raw).Replace("`r`n", "").Replace("`n", "")

Document permissions metadata

The source connector outputs any permissions information that it can find in the source location about the processed source files, and associates that information with each corresponding element that is generated. This permissions information is output into the permissions_data field, which is within the data_source field under the element’s metadata field (metadata.data_source.permissions_data). This information lists the users or groups, if any, that have permissions to read, update, or delete the element’s associated source document.
The permissions metadata Unstructured outputs should not be used for runtime authorization or access control enforcement.Unstructured outputs document permissions metadata that is accurate only at the point in time when Unstructured ingested the corresponding document to which those permissions applied. Because this metadata is a point-in-time copy of the permissions in the source location, these metadata outputs that are sent to your destination location are not always guaranteed to match the current permissions in the source location.Also, be aware that Unstructured updates permission metadata for a document only when the document’s content has changed.This is because Unstructured performs incremental processing of documents only when documents’ content has changed—not when only the documents’ permissions have changed. Whenever Unstructured performs incremental processing of documents for a workflow (in other words, if Reprocess All Files is turned off or set to false for a workflow), that worfklow will not output metadata for any document permissions that have been added, changed, or removed since the previous workflow run, unless the corresponding documents’ content has also been changed since the previous workflow run.
Permissions are defined in Box through collaborations, which function similar to access control lists. Collaboration objects are attached to folders, and those collaborations cascade down to everything inside that folder. A file’s effective permissions come from the chain of ancestor folders above it. For more information, see Collaborations overview in the Box developer documentation. To determine a file’s effective permissions, Unstructured traverses the full folder hierarchy for each file, collecting collaborations at every level, and merging them. It also includes collaborations applied directly to the file itself. For more information, see List folder collaborations and List file collaborations in the Box developer documentation. When Unstructured compiles a file’s effective permissions:
  • If the same user or group appears at multiple levels with different roles, Unstructured chooses the least-restrictive role.
  • Unstructured does not include the following in the permission metadata. No sentinel value is written into the permission metadata.
    • all_users_group: Box’s built-in group representing every user in the enterprise.
    • is_access_only: Collaboration property that determines whether, for collaborators, to display the items in the All Files list and let them see the path to the root folder for the shared item.
  • Unstructured only includes collaborations with a status of accepted. It does not include collaborations with a status of pending or rejected.
Unstructured includes a maximum of 500 permissions per file. Unstructured maps Box roles to read, update, and delete access:
Box roleBox accessUnstructured permission metadata
ownerFull accessread, update, delete
co-ownerFull access except transfer ownershipread, update, delete
editorView, download, upload, edit, delete, copy, move, renameread, update
viewerPreview, download, commentread
previewerPreviewread
viewer uploaderPreview, download, uploadread
previewer uploaderPreview, uploadread
uploaderUpload and see item namesexcluded entirely
Note the following:
  • Unstructured excludes the uploader role because it confers no read, update, or delete access.
  • Unstructured maps the Box editor role to read and update access but not delete, even though that role does allow deleting files.
For more information, see Understanding collaborator permission level at Box Support.

Identifier format

Users and groups are identified by the numeric ID that Box assigns them. To retrieve information about a specific user or group, use appropriate Box API with the corresponding ID:

Metadata output example

The following example shows what the output looks like. Ellipses indicate content that has been omitted from this example for brevity. 
[
    {
        "...": "...",
        "metadata": {
            "...": "...",
            "data_source": {
                "...": "...",
                "permissions_data": [
                    {
                        "read": {
                            "users": ["11446688", "11336699"],
                            "groups": ["11223344"]
                        }
                    },
                    {
                        "update": {
                            "users": ["11446688"],
                            "groups": []
                        }
                    },
                    {
                        "delete": {
                            "users": [],
                            "groups": []
                        }
                    }
                ],
                "...": "..."
            }
        }
    }
]

Examples

To create an Box source connector, see the following examples. For more information on working with source connectors using the Unstructured API, see Source endpoints. 
import os

from unstructured_client import UnstructuredClient
from unstructured_client.models.operations import CreateSourceRequest
from unstructured_client.models.shared import CreateSourceConnector

with UnstructuredClient(api_key_auth=os.getenv("UNSTRUCTURED_API_KEY")) as client:
    response = client.sources.create_source(
        request=CreateSourceRequest(
            create_source_connector=CreateSourceConnector(
                name="<name>",
                type="box",
                config={
                    "remote_url": "<remote-url>",
                    "recursive": <True|False>,
                    "box_app_config": "<box-app-config>"
                }
            )
        )
    )

    print(response.source_connector_information)

Configuration settings

Replace the preceding placeholders as follows:
name
string
required
A unique name for this connector.
remote_url
string
required
The URL to the target Box folder. This URL must take the format box://<path/to/folder/in/account>.
recursive
boolean
default:"false"
Set to true to recursively access files from subfolders within the target Box folder.
box_app_config
string
required
The contents of the private key configuration JSON file for the Box Custom App with access to the target Box folder. This file’s contents must be provided as a single string.

Learn more