Using Box Content APIs to Deliver Enterprise-Grade Security in Your Custom Apps

This is the first article of a three-part series on building custom applications with Box Content APIs. 

Like most SaaS applications, Box provides a suite of open APIs that customers and partners can use for integrations. These APIs support everything from the way that Box and Office365 integrate seamlessly, to our Trust Partner program, to the 1,600 third-party applications in our app store. This API-first strategy has been incredibly successful, to the point where more than half of our monthly API calls come from third-party integrations vs our first-party apps!

A couple of years ago, our customers started to use our APIs not only for internal productivity tools, but also to power customer-facing applications. Guaranteed Rate, for example, used Box to add a file-upload feature to their mobile application, allowing applicants to easily and securely upload loan applications that would be delivered via Box to their back office. We always knew that Box was a viral product, but now we recognized a new class of users, the customers of our customers.

Serving the Customers of Our Customers with Box Platform

At Box, we pride ourselves on offering a consumer-grade User Experience married to enterprise-grade security and compliance. It was therefore not surprising that when our customers had completed digitizing their internal processes, and started looking to digitize the way they interact with their customers, that they looked to Box for help with that as well. We’re not unique in making this shift in focus. Salesforce introduced Communities to go after the customers of their customers, for example, Workday and ServiceNow both have customer-facing components to their platform. The line between internal applications managed by the CIO and external-facing applications managed by the Chief Digital Officer (or Head of Marketing) are blurring as the external-facing applications support more and more business-critical processes. Leading SaaS applications are all adapting to meet the opportunity to unify these previously disparate worlds.

We responded to the opportunity by introducing Box Platform, a way to license Box for external users. These users get access to Box services without even knowing that Box is in the picture.

Using Box Platform with our App User model, every user who logs in to your custom web or mobile application can have a Box identity created programmatically. They can then upload files, download files, preview the 120 file types that we support in our viewers, and collaborate via comments and tasks—all with the security and compliance of the underlying Box platform. 

This is Box Platform in a nutshell: we’ve opened up the Content API underneath the Box application to go beyond Integration, to allow you to leverage our services in your customer-facing applications. If you are building a patient Portal, or a wealth management document vault, or a way to deliver monthly statements to your customers, or any other use where content needs to flow securely through a custom interface, you can use Box Platform behind your application.

Sometimes, Customers Use Box Platform in Unexpected Ways

We had some ideas of what types of applications our customers might develop, but the true power of a platform is when customers do things you would not expect. We’ve had customers build applications in the financial services and healthcare space, as we would expect. We’ve had a lot of customers build sales enablement tools, solving the ever present issue of ensuring that sales reps are trained on the latest products and always delivering the most up-to-date sales collateral to prospects. But we’ve also had interest from customers building applications to help homebuilders monitor the progress of their homes, or delivering secure digital content to innovative toys, to get video content from IoT devices, to help standards bodies collaborate and then publish their products. And this is only in Box Platform’s first nine months!

Be sure to read the next Security article: Yelp Bug-Bounty Program Moves from Private to Public