Skip to content

Box OAuth App Client ID

Service Name: Box

Service Description: Box is a cloud content management platform that enables businesses to securely store, share, and collaborate on files and documents.

Service Address: https://www.box.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to Box APIs on behalf of a user or application.

Secret Revokement URL: https://app.box.com/developers/console

Secret Example: r1vz9uxqogfvyr5yt6md9c8nvw4gw2b8

Suspicious Activity Investigation Instructions:

  • Check Box Admin Console for unusual API calls or resource access.
  • Review Box activity logs for unauthorized file access or downloads.
  • Check for unusual authentication attempts or locations.
  • Monitor for unexpected changes in user permissions or sharing settings.
  • Look for large data transfers or bulk downloads.

Mitigation Instructions:

  • Go to the Box Developer Console.
  • Select the application associated with the compromised client ID.
  • Open the Configuration tab.
  • Select Delete Application to revoke all access.
  • Alternatively, regenerate the client secret without deleting the application.
  • Create a new application with appropriate scopes if needed.
  • Update any legitimate integrations with the new credentials.