> ## Documentation Index
> Fetch the complete documentation index at: https://developer.box.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Setup with Client Credentials Grant

export const MultiRelatedLinks = ({sections = []}) => {
  if (!sections || sections.length === 0) {
    return null;
  }
  return <div className="space-y-8">
      {sections.map((section, index) => <RelatedLinks key={index} title={section.title} items={section.items} />)}
    </div>;
};

export const RelatedLinks = ({title, items = []}) => {
  const getBadgeClass = badge => {
    if (!badge) return "badge-default";
    const badgeType = badge.toLowerCase().replace(/\s+/g, "-");
    return `badge-${badge === "ガイド" ? "guide" : badgeType}`;
  };
  if (!items || items.length === 0) {
    return null;
  }
  return <div className="my-8">
      {}
      <h3 className="text-sm font-bold uppercase tracking-wider mb-4">{title}</h3>

      {}
      <div className="flex flex-col gap-3">
        {items.map((item, index) => <a key={index} href={item.href} className="py-2 px-3 rounded related_link hover:bg-[#f2f2f2] dark:hover:bg-[#111827] flex items-center gap-3 group no-underline hover:no-underline border-b-0">
            {}
            <span className={`px-2 py-1 rounded-full text-xs font-semibold uppercase tracking-wide flex-shrink-0 ${getBadgeClass(item.badge)}`}>
              {item.badge}
            </span>

            {}
            <span className="text-base">{item.label}</span>
          </a>)}
      </div>
    </div>;
};

export const Link = ({href, children, className, ...props}) => {
  const localizedHref = localizeLink(href);
  return <a href={localizedHref} className={className} {...props}>
      {children}
    </a>;
};

<RelatedLinks
  title="REQUIRED GUIDES"
  items={[
{ label: translate("Select Auth Method"), href: "/guides/authentication/select", badge: "GUIDE" },
{ label: translate("Setup with OAuth 2.0"), href: "/guides/authentication/oauth2/oauth2-setup", badge: "GUIDE" }
]}
/>

## Prerequisites

To set up a Platform App using server-side authentication, you need to ensure
you have access to the [Developer Console][devconsole] from your Box enterprise
account. Alternatively, you may sign up for a [developer account][devaccount].

## App creation steps

### Navigate to the Developer Console

Log into Box and go to the [Developer Console][devconsole].
Select **Platform Apps**, then click **New App**.

### Create a new app

On the **Create a New App** screen, enter your app name
and select **Client Credentials Grant** from the **App Type** dropdown.

<Frame border>
  <img src="https://mintcdn.com/box/J0IlfoFf_v0hLHOU/images/guides/authentication/create-new-app.png?fit=max&auto=format&n=J0IlfoFf_v0hLHOU&q=85&s=e1118ea7200b15165c48f314ea4e9d0f" alt="Create a New App screen" width="1024" height="891" data-path="images/guides/authentication/create-new-app.png" />
</Frame>

<Warning>
  Once you make a selection, you are not able to change to a different
  authentication method without creating a new application.
</Warning>

## App Authorization

Before the application can be used, a Box Admin or Co-Admin needs to authorize it.

<Note>
  If you're using a free developer account, your app is authorized automatically and you can skip the manual authorization step below.
</Note>

On the **Configuration** tab in the [Developer Console][devconsole]:

* If you are a Box Admin or Co-Admin, click **Authorize** to authorize the app immediately.
* If you are not an Admin or Co-Admin, click **Submit** to send an authorization request to your Admin or Co-Admin. You receive an email once the request is approved or denied.

More information on this process is available in our
<Link href="/guides/authorization">authorization guide</Link>.

<Card href={localizeLink("/guides/authorization/platform-app-approval")} arrow title="Learn how to authorize a Platform Application" />

## Basic configuration

### Application Access

An application's access level determines which users and content your app may
access. By default, an application can only successfully interact with the
content of its <Link href="/platform/user-types/#service-account">Service Account</Link> and any <Link href="/platform/user-types">App Users</Link>. To also
access existing Managed Users of an enterprise, navigate to the
**App Access Level** setting on the **Configuration** tab of the
[Developer console][devconsole] and set to **App + Enterprise Access**.

<Frame border>
  <img src="https://mintcdn.com/box/J0IlfoFf_v0hLHOU/images/guides/authentication/app-access-level-new.png?fit=max&auto=format&n=J0IlfoFf_v0hLHOU&q=85&s=8e1e5f2e6b2d8b5fb45f50d0798c5064" alt="App access level" width="1024" height="275" data-path="images/guides/authentication/app-access-level-new.png" />
</Frame>

<Note>
  To authenticate as a Managed User or Admin, enable **Generate User Access Tokens** in the **Additional Configuration** section of the **Configuration** tab.
</Note>

### Application Scopes

An application's scopes determine which endpoints and resources an application
can successfully call. See the <Link href="/guides/api-calls/permissions-and-errors/scopes">scopes guide</Link> for detailed information
on each option.

<Frame border width="600" center>
  <img src="https://mintcdn.com/box/KBEcg4yicgc_HMRY/images/guides/authentication/app-scopes.png?fit=max&auto=format&n=KBEcg4yicgc_HMRY&q=85&s=7d6a76fe395fc483d33179f6c4ad34e1" alt="App scopes" width="1227" height="640" data-path="images/guides/authentication/app-scopes.png" />
</Frame>

### CORS Domains

If your application makes API calls from front-end browser code in
Javascript, the domain that these calls are made from needs to be
added to an allow-list due to [Cross Origin Resource Sharing][cors],
also known as CORS. If all requests are made from server-side code,
you may skip this section.

To add the full URI(s) to the allow-list, navigate to the **CORS Domain**
section at the bottom of the **Configuration** tab in the
[Developer console][devconsole].

<Frame border>
  <img src="https://mintcdn.com/box/KBEcg4yicgc_HMRY/images/guides/authentication/app-cors.png?fit=max&auto=format&n=KBEcg4yicgc_HMRY&q=85&s=12de7f8cec95dc4317b02172ef10e9df" alt="App CORS config" width="1504" height="378" data-path="images/guides/authentication/app-cors.png" />
</Frame>

## Using SDKs and Client Credentials Grant

To learn more about Client Credentials Grant for each SDK head over to:

* [.Net][.Net]

* [Java][Java]

* [Python][Python]

* [Node][Node]

* [IOS][IOS]

[.Net]: https://github.com/box/box-windows-sdk-v2/blob/legacy/docs/authentication.md#server-auth-with-ccg

[Java]: https://github.com/box/box-java-sdk/blob/legacy/doc/authentication.md#client-credentials-grant

[Python]: https://github.com/box/box-python-sdk/blob/legacy/docs/usage/authentication.md#client-credentials-grant

[Node]: https://github.com/box/box-node-sdk/blob/legacy/docs/authentication.md#client-credentials-grant-authentication

[IOS]: https://github.com/box/box-ios-sdk/blob/legacy/BoxSDK/docs/usage/authentication.md#client-credentials-grant

[devconsole]: https://app.box.com/developers/console

[devaccount]: https://account.box.com/signup/n/developer

[cors]: https://en.wikipedia.org/wiki/Cross-origin_resource_sharing

<RelatedLinks
  title="RELATED APIS"
  items={[
{ label: translate("Authorize user"), href: "/reference/get-authorize", badge: "GET" }
]}
/>

<RelatedLinks
  title="RELATED GUIDES"
  items={[
{ label: translate("Platform App"), href: "/guides/applications/platform-apps/index", badge: "GUIDE" },
{ label: translate("Select Auth Method"), href: "/guides/authentication/select", badge: "GUIDE" },
{ label: translate("Setup with OAuth 2.0"), href: "/guides/authentication/oauth2/oauth2-setup", badge: "GUIDE" }
]}
/>
