> ## Documentation Index
> Fetch the complete documentation index at: https://docs.unstructured.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Box
> Ingest your files into Unstructured from Box.
First time creating a connector? [Read this first](/api-reference/workflow/connector-first-time-reqs).
## Requirements
You will need:
1. Access to the [Developer Console](https://app.box.com/developers/console) from your [Box enterprise account](https://account.box.com/signup/enterprise-plan) or [Box developer account](https://account.box.com/signup/developer).
2. A Box Custom App in your Box account, set up to use **Server Authentication (with JWT)**. See [Setup with JWT](https://developer.box.com/guides/authentication/jwt/jwt-setup/).
3. The appropriate application scopes and advanced features set up for the Box Custom App, as follows:
* In the Box Custom App, on the **Configuration** tab, under **Application Scopes**, check the box titled **Write all files and folders stored in Box**.
* In the Box Custom App, on the **Configuration** tab, under **Advanced Features**, check the box titled **Make API calls using the as-user header**.
* Click **Save Changes** before continuing.
4. Authorization by a Box Admin in your Box account for the Box Custom App. See [App Authorization](https://developer.box.com/guides/authentication/jwt/jwt-setup/#app-authorization).
5. Access by your Box account's source or target [folder](https://app.box.com/folder/0) to your Box Custom App, as follows:
* In the Box Custom App, on the **General Settings** tab, copy the **Service Account ID** (which takes the form `AutomationUser__`.
6. The private key configuration JSON file for the Box Custom App, or a string that contains this file's contents.
* To download this file, in the Box Custom App, on the **Configuration** tab, under **Add and Manage Public Keys**, click **Generate a Public/Private Keypair**. Store the downloaded private key configuration JSON file in a secure location.
* To ensure maximum compatibility across Unstructured service offerings, you should give the private key configuration JSON file information to Unstructured as
a single-line string that contains the contents of the downloaded private key configuration JSON file (and not the file itself).
To print this single-line string, suitable for copying, you can run one of the following commands from your Terminal or Command Prompt.
In this command, replace `` with the path to the private key configuration JSON file that you downloaded by following the preceding instructions.
* For macOS or Linux:
```text theme={null}
tr -d '\n' <
```
* For Windows:
```text theme={null}
(Get-Content -Path "" -Raw).Replace("`r`n", "").Replace("`n", "")
```
## Document permissions metadata
The source connector outputs any permissions information that it can find in the source location about the processed source files, and associates that information with each corresponding element that is generated. This permissions information is output into the `permissions_data` field, which is within the
`data_source` field under the element's `metadata` field (`metadata.data_source.permissions_data`). This information lists the users or groups, if any, that have
permissions to read, update, or delete the element's associated source document.
The permissions metadata Unstructured outputs should not be used for runtime authorization
or access control enforcement.
Unstructured outputs document permissions metadata that is accurate only
at the point in time when Unstructured ingested the corresponding document
to which those permissions applied. Because this metadata is a
point-in-time copy of the permissions in the source location, these
metadata outputs that are sent to your destination location are not
always guaranteed to match the current permissions in the source location.
Also, be aware that Unstructured updates permission metadata for a document only when the document's content has changed.
This is because Unstructured performs incremental processing of documents only when documents' *content* has changed—not when only the documents'
*permissions* have changed. Whenever Unstructured performs incremental processing of documents for a
workflow (in other words, if **Reprocess All Files** is turned off or set
to false for a workflow), that worfklow will not output metadata for any
document permissions that have been added, changed, or removed since the
previous workflow run, *unless* the corresponding documents' content
has also been changed since the previous workflow run.
Permissions are defined in Box through *collaborations*, which function similar to access control lists. Collaboration objects are attached to folders, and those collaborations cascade down to everything inside that folder. A file's effective permissions come from the chain of ancestor folders above it. For more information, see [Collaborations overview](https://developer.box.com/guides/collaborations/) in the Box developer documentation.
To determine a file's effective permissions, Unstructured traverses the full folder hierarchy for each file, collecting collaborations at every level, and merging them. It also includes collaborations applied directly to the file itself. For more information, see [List folder collaborations](https://developer.box.com/reference/get-folders-id-collaborations/) and [List file collaborations](https://developer.box.com/reference/get-files-id-collaborations/) in the Box developer documentation.
When Unstructured compiles a file's effective permissions:
* If the same user or group appears at multiple levels with different roles, Unstructured chooses the least-restrictive role.
* Unstructured does not include the following in the permission metadata. No sentinel value is written into the permission metadata.
* `all_users_group`: Box's built-in group representing every user in the enterprise.
* `is_access_only`: Collaboration property that determines whether, for collaborators, to display the items in the All Files list and let them see the path to the root folder for the shared item.
* Unstructured only includes collaborations with a status of `accepted`. It does not include collaborations with a status of `pending` or `rejected`.
Unstructured includes a maximum of 500 permissions per file.
Unstructured maps Box roles to `read`, `update`, and `delete` access:
| Box role | Box access | Unstructured permission metadata |
| -------------------- | -------------------------------------------------------- | -------------------------------- |
| `owner` | Full access | `read`, `update`, `delete` |
| `co-owner` | Full access except transfer ownership | `read`, `update`, `delete` |
| `editor` | View, download, upload, edit, delete, copy, move, rename | `read`, `update` |
| `viewer` | Preview, download, comment | `read` |
| `previewer` | Preview | `read` |
| `viewer uploader` | Preview, download, upload | `read` |
| `previewer uploader` | Preview, upload | `read` |
| `uploader` | Upload and see item names | excluded entirely |
Note the following:
* Unstructured excludes the `uploader` role because it confers no `read`, `update`, or `delete` access.
* Unstructured maps the Box `editor` role to `read` and `update` access but not `delete`, even though that role does allow deleting files.
For more information, see [Understanding collaborator permission level](https://support.box.com/hc/en-us/articles/360044196413-Understanding-Collaborator-Permission-Levels) at Box Support.
### Identifier format
Users and groups are identified by the numeric ID that Box assigns them. To retrieve information about a specific user or group, use appropriate Box API with the corresponding ID:
* [Get user](https://developer.box.com/reference/get-users-id/)
* [Get group](https://developer.box.com/reference/get-groups-id/)
### Metadata output example
The following example shows what the output looks like. Ellipses indicate content that has been omitted from this example for brevity.
```json theme={null}
[
{
"...": "...",
"metadata": {
"...": "...",
"data_source": {
"...": "...",
"permissions_data": [
{
"read": {
"users": ["11446688", "11336699"],
"groups": ["11223344"]
}
},
{
"update": {
"users": ["11446688"],
"groups": []
}
},
{
"delete": {
"users": [],
"groups": []
}
}
],
"...": "..."
}
}
}
]
```
## Examples
To create an Box source connector, see the following examples.
For more information on working with source connectors using the Unstructured API, see [Source endpoints](/api-reference/api/source/source-apis).
```python Python SDK theme={null}
import os
from unstructured_client import UnstructuredClient
from unstructured_client.models.operations import CreateSourceRequest
from unstructured_client.models.shared import CreateSourceConnector
with UnstructuredClient(api_key_auth=os.getenv("UNSTRUCTURED_API_KEY")) as client:
response = client.sources.create_source(
request=CreateSourceRequest(
create_source_connector=CreateSourceConnector(
name="",
type="box",
config={
"remote_url": "",
"recursive": ,
"box_app_config": ""
}
)
)
)
print(response.source_connector_information)
```
```bash curl theme={null}
curl --request 'POST' --location \
"$UNSTRUCTURED_API_URL/sources" \
--header 'accept: application/json' \
--header "unstructured-api-key: $UNSTRUCTURED_API_KEY" \
--header 'content-type: application/json' \
--data \
'{
"name": "",
"type": "box",
"config": {
"remote_url": "",
"recursive": ,
"box_app_config": ""
}
}'
```
## Configuration settings
Replace the preceding placeholders as follows:
A unique name for this connector.
The URL to the target Box folder. This URL must take the format `box://`.
Set to `true` to recursively access files from subfolders within the target Box folder.
The contents of the private key configuration JSON file for the Box Custom App with access to the target Box folder. This file's contents must be provided as a single string.
## Learn more
* [Finding Needles in a Haystack: PII Detection at Scale with Unstructured, Box, and Elasticsearch](https://unstructured.io/blog/finding-needles-in-a-haystack-pii-detection-at-scale-with-unstructured-box-and-elasticsearch)