Skip to main content

Connecting Box

This guide walks you through connecting a Box storage destination to Pluton.

Prerequisites

Before connecting Box, you need:

  1. A Box account (Personal, Business, or Enterprise) - Sign up here
  2. A Box Developer App with OAuth 2.0 credentials
  3. Client ID and Client Secret from the Box Developer Console

Getting Your Credentials

Step 1: Create a Box Developer App

  1. Go to the Box Developer Console
  2. Click Create New App
  3. Select Custom App
  4. Choose User Authentication (OAuth 2.0) as the authentication method
  5. Give your app a name (e.g., "Pluton Backups") and click Create App

Step 2: Configure Your App

  1. In the app configuration page, go to the Configuration tab
  2. Under OAuth 2.0 Credentials, copy the Client ID and Client Secret
  3. Under OAuth 2.0 Redirect URI, add http://127.0.0.1:53682/ as a redirect URI (required for the rclone authorize flow)
  4. Under Application Scopes, ensure Read and write all files and folders is enabled
  5. Click Save Changes

Step 3: Generate an OAuth Token

Since Pluton runs on a server that may not have a web browser, you need to generate an OAuth token using rclone authorize:

  1. Install rclone on a machine with a web browser
  2. Run the following command: 
    rclone authorize "box" "your_client_id" "your_client_secret"
  3. A browser window will open — log in with your Box account and grant access
  4. Copy the JSON token blob printed to the terminal

Connecting to Pluton

Pluton Box

Step 1: Add Storage

  1. In Pluton, navigate to Storages
  2. Click Add Storage button
  3. Select Box from the provider list

Step 2: Configure Connection

Fill in the required fields:

  • Storage Name: A friendly name (e.g., "Box Backups")
  • Client ID: Your Box OAuth Client ID
  • Client Secret: Your Box OAuth Client Secret
  • OAuth Access Token: Paste the JSON token blob obtained from rclone authorize

Step 3: Advanced Options (Optional)

Additional settings available:

  • Root Folder ID: Set a non-root folder as the starting point. Use 0 for the root folder (default). You can find a folder's ID in the URL when viewing it on box.com
  • Config File: Path to a Box App config.json file for JWT (Service Account) authentication as an alternative to OAuth
  • Client Credentials: Enable to use the OAuth2 Client Credentials flow instead of interactive login. Useful for server-to-server authentication
  • Upload Cutoff: Cutoff for switching to multipart upload (default: 50 MiB, minimum 50 MiB)
  • Commit Retries: Maximum number of times to try committing a multipart file (default: 100)
  • List Chunk: Size of listing chunk, from 1 to 1000 (default: 1000)
  • Owned By: Only show items owned by a specific user (enter their email address)
  • Impersonate User: When using a service account, impersonate this user ID to act on behalf of another user

Step 4: Test and Save

  1. Click Test Connection to verify credentials
  2. If successful, click Save
  3. Your Box storage is now ready for backup plans

Common Issues

Token Expired: Box OAuth tokens expire periodically. Re-run rclone authorize "box" with your Client ID and Client Secret to generate a fresh token, then update it in Pluton.

App Not Authorized: For Box Business/Enterprise accounts, an admin may need to authorize your app in the Admin ConsoleAppsCustom Apps before it can be used.

Redirect URI Mismatch: Ensure http://127.0.0.1:53682/ is listed as a redirect URI in your Box app configuration. This is required for the rclone authorize flow.

File Size Limits: Box has file size limits based on your plan (free: 250 MB, Business: 5 GB, Enterprise: 15 GB per file). Ensure your backup files do not exceed the limit.

Rate Limiting: Box enforces API rate limits. If you encounter "Too Many Requests" errors, the operation will automatically retry. For very large transfers, consider running backups during off-peak hours.

Best Practices

  • Create a dedicated Box Developer App specifically for Pluton to keep credentials isolated
  • Use a Root Folder ID to restrict backups to a specific folder rather than the entire Box account
  • For Box Business/Enterprise, use Service Account (JWT) authentication for unattended server operations
  • Monitor storage usage in the Box Admin Console to ensure you have sufficient space
  • Box maintains file version history — check your plan's version retention settings
  • Keep your OAuth token updated by refreshing it whenever you notice connection issues