Box Integration with ServiceNow using JWT


This article explains how to:

Set up OAuth provider with JWT Bearer grant type and integrate with Box to make Outbound REST call

Please note this is  just an example configuration that can used as a guideline to configure and ServiceNow is not responsible for any API information from the 3rd party API

Any information regarding 3rd party API ( for example in this case BOX) should be obtained from the Vendor documentation/Support.



            On BOX end

  1. Sign Up for Box Developer Account -
  2. From the Developer Console - - Create 'Custom App'
  3. Authentication Method 'OAuth 2.0 with JWT (Server Authentication)'
  4. Give your  app a unique name and Create App
  5. View you app .
  6.  From 'OAuth 2.0 Credentials' copy the Client ID and Client Secret
  7. 'Add and Manage Public Keys' . Create a new keystore and export a public key from that into BOX .(ex: keytool -genkey -alias snclient -keyalg RSA -validity 365 -keystore jwtdemo.keystore -storepass jwtdemo -keypass jwtdemo)
  8. Once the configuration is done , please note the enterpriseID under App Settings. Ex: "enterpriseID": "324985474"
  9. Authorize the app . My apps -> <App Name> -> General -> 'Submit for Authorization' (authorization email will be sent to admin email used during account creation)
  10. Click on your account name on the top ->  Admin Console 
  11. under admin console -> back to my account  (
  12. Create a new folder and upload a text file .

            On ServiceNow Instance end

  1. Upload Java Key Store certificate : System Definition -> Certificates -> New -> Type (java key store) -> storepass ( key store password from BOX step 7  ) -> attach the keystore created from BOX step 7
  2. Configure a JWT signing key: System OAuth > JWT Keys -> New -> Signing Keystore (associate keystore created from step above step ) -> Signing key (key store password). 
  3. Create a JWT provider with a JWT signing key: System OAuth > JWT Provider -> New -> Associate the 'Signing Configuration' from above step .
  4. Standard Claims :  aud: , iss:[client_id],sub:[enterpriseID from step 8].  Custom  Claims: box_sub_type:enterprise
  5. Create OAuth application registry entry :System OAuth -> Application Registry -> New -> Connect to a third party OAuth Provider -> Default Grant type ( JWT Bearer) -> Token URL (
  6. Under OAuth entity profile (oauth_entity_profile) associate the created 'jwt provider'
  7. Create REST Message : System Web Services -> Rest Message -> End Point ( -> OAuth Profile (Associate the 'OAuth Profile' from above step)
  8. In the REST Message , click on 'Get OAuth token' to get the access token
  9. Go to the 'Default GET' method and click on 'Test' . A successful JSON returned . One of the value returned is Service Account of the box app . For example {"type":"user","id":"12595253003","name":"uday_box_jwt","login":""}
  10.  On the BOX end , share the folder and file with the above user (
  11.  On ServiceNow End: To Get Folder information > Create New Method (GET) > End Point :<FOLDER_ID>  Folder Id can be obtained by clicking on the folder name on box end (ex: )
  12. On ServiceNow End: To Get File information > Create New Method (GET) > End Point :<FILE_ID> Folder Id can be obtained by clicking on the folder name on box end (ex:  )