Box OAuth App Client ID
Service Name: Box
Service Description: Box is a cloud content management platform that enables businesses to securely store, share, and collaborate on files and documents.
Service Address: https://www.box.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to Box APIs on behalf of a user or application.
Secret Revokement URL: https://app.box.com/developers/console
Secret Example: r1vz9uxqogfvyr5yt6md9c8nvw4gw2b8
Suspicious Activity Investigation Instructions:
- Check Box Admin Console for unusual API calls or resource access.
- Review Box activity logs for unauthorized file access or downloads.
- Check for unusual authentication attempts or locations.
- Monitor for unexpected changes in user permissions or sharing settings.
- Look for large data transfers or bulk downloads.
Mitigation Instructions:
- Go to the Box Developer Console.
- Select the application associated with the compromised client ID.
- Open the Configuration tab.
- Select Delete Application to revoke all access.
- Alternatively, regenerate the client secret without deleting the application.
- Create a new application with appropriate scopes if needed.
- Update any legitimate integrations with the new credentials.